Rooting for the left

Rich Millington reviews Netroots UK and explores how it may be effective in changing the political landscape

Modern technology is of such fundamental importance to our nation's economy that it can't fail to have a profound influence in the political arena. The future of our political life lies not only in our freedom to use modern technology, but also in our ability to use it tactically and effectively. Netroots UK is a landmark movement that picks up where digital rights leaves off: promoting effective use of the powers and freedoms that we have obtained through digital technology. The event drew together hundreds of liberal individuals and organisations with the aim to increasing their clout through technology, and “building the progressive grassroots online".

It is no surprise that the left is in a state of flux: out of government and deprived of anything like the same level of influence wielded by industry lobbyists and interest groups. The first question facing the left now is "what comes next?" The Netroots UK event over the last weekend may have been the answer. 

Hosted by the TUC at their Congress Hall HQ in London on 8 January, Netroots UK attracted a wide range of activists (tickets had sold out by 5 January). The left was represented in all its forms: anarchists, feminists, migrant's rights workers, trade unionists, disability activists and Johann Hari. The feeling that "we might be onto something" kicked in early during the morning plenary, and persisted throughout the day. The outside world was treated to Matthew Taylor of The Guardian reporting from inside the event, with the item attracting a number of comments. 

The day began with a message from Brendan Barber, general secretary of the TUC, confirming that we were very much in the land of the unions. He came across as reasonable and realistic, however, and struck a positive chord, as did the video message from Daily Kos blogger himself, Markos Moulitsas Zuniga. The plenary session followed with key organiser Sunny Hundal (Liberal Conspiracy), along with Polly Toynbee (The Guardian), Sunder Katwala (Fabian Society), more TUC from communications head Nigel Stanley, and Clifford Singer (False Economy).

The workshops I attended were brilliant; the range of subjects covered was impressive, with everything from video-making through to campaign planning, blogging, and social media tips. The aim seemed to be to give attendees the chance to attain a functional standard of digital campaigning in all areas, or at least help them identify what they need to be knowing and doing. It makes sense at this early stage to concentrate on achieving a certain proficiency in digital activism. If there were a national curriculum for this sort of thing, it would look a lot like the Netroots workshop programme.   

The prevailing message recognised both the power of the net and the importance of unity, with Clifford Singer commenting on how social media can both bypass and influence the mainstream media, and Polly Toynbee warning against the movement becoming mired in old style left-wing sectarianism. But the mood this time, she says, is different; the reason for this is potentially present in the title of the morning session: "Strategy for Campaigning Against the Cuts".

The cuts are galvanising activists against a common opposition with notable effect. Not only does the alleged Tory "shock doctrine" demonstrate the core ideological difference between "them" and "us", it also has a real impact. People are seeing the effects of the cuts in their day-to-day lives, making the issue less abstract and far more visceral. It is, in essence, the perfect storm for Netroots UK to apply itself to altering the current political landscape. 

It was suggested, once or twice, that all present should join the Labour Party, which resulted in some low-key, indignant mumbling and awkward glances of "Are you sure? Is that really appropriate?" - enabling critics to argue that it was just a "Labour recruitment event". But Labour recruitment or propagandism is not helpful in the least; the movement must be critical and formative, not blindly partisan.

The hallowed Labour-Trade Unions axis, revitalised with Ed Milliband's ascension, was well represented at the event, but if Labour think that this association can yield results, they're wrong. Labour will still be the party of the deficit, Iraq, 10p tax, the private finance initiative and Peter Mandelson for a while to come.

Ultimately, the Labour Party are not deserving of Netroots UK's endorsement, as they are incapable of representing the various groups that attended the event, and certainly do not demonstrate the same progressive liberal values.  

Labour can move back to the trade unions if they like, and the TUC can position itself at the head of the online progressive grassroots and the anti-cuts movement, but why should non-union members believe that union leaders represent their interests any more than industry lobbyists or incumbent right-wingers would? Labour and the TUC will be seen as just more narrow interest groups with a disproportionate influence on policy.

As it stands, Netroots UK is a little lost for political focus. The only way to remedy this—and make the UK's progressive movement truly effective—is to find elected representatives who can carry progressive values into parliament with some level of integrity and credibility. Without this, the left will remain divided and conquered: able to construct eloquent campaigns on policy issues, yet unable to support cohesive election campaign.

Although a powerful opening shot in the progressive liberal counter-attack, unless Netroots UK can organise a fresh party political movement, we're locked in the current stalemate for the foreseeable future. 

Image: Netroots UK

Spinners, scaremongers and songsters

With the Digital Economy Act up for review, it's important to look back at the history of the controversial bill and potential motives of the key players involved

As the vastly unpopular Digital Economy Act 2010 (DEA) is set to undergo a judicial review in 2011, it is crucial to understand how the Act ever came to be in the first place. A key consideration, which cannot be over-emphasised, is the role of the UK music industry. The lobby—in particular the BPI—is often identified with UK pro-rightsholder copyright lobbying; it is therefore unsurprising that the BPI was a major driving force behind the DEA.

Copyright maximalism—to which the BPI and DEA are aligned—wants copyright to be reformed solely to boost the protection given to rightsholders: longer length, wider coverage, reduced exceptions, and harsher penalties (sought at reduced cost to the rightsholder) are hallmarks of the lobby’s typically successful demands.

But the entertainment and publishing industry has not always sought to maximalise the reach of copyright. As late as 2005 the BPI still proposed a limited quid-pro-quo: some new user rights should be created in UK copyright law, in exchange for easier enforcement against pirates; the government agreed, arguing for modernisation and balance in copyright. This was highlighted by Gordon Brown’s reception of the Gowers report in December 2006.

Yet, for reasons unknown, this balanced approach was abandoned by the BPI in 2007. Crucially, the UK government also followed suit, kicking off a policy process that resulted in the DEA.


Changing tunes

Government commissioned a post-Gowers report from the think tank The Work Foundation to look at the value of (existing) copyright industry interests to the (existing) British economy; it was published in July 2007. User rights and the value of “copyleft” (e.g. Creative Commons) approaches to content were not part of the Work Foundation’s remit; furthermore, when the Department for Culture, Media and Sport (DCMS) effectively transposed that report into its own subsequent “Creative Britain: New Talents for the New Economy” paper in February 2008, it also omitted to cover these crucial components. Furthermore, the UK Department for Business, Enterprise and Regulatory Reform (BERR) used the February 2008 Creative Britain report to launch a consultation on a P2P-piracy crackdown in July 2008.

Whether deliberate or negligent, these moves marked the point at which any quid-pro-quo, or official challenge to the maximalist policy agenda, was dropped entirely. By making no concessions or considerations for user rights or copy-left, New Labour’s copyright policy program was, in effect, entirely supportive of maximalism’s aims.

BERR then brokered a largely unfruitful agreement between major UK ISPs and major UK entertainment lobbies (namely the BPI and MPA) for anti-piracy cooperation. Proponents of copyright maximalism then sought ways of convincing the public that draconian protection of their portfolios was necessary.

The government said that a “regulatory imbalance” between digital media and television could be made "fair" again by imposing more regulation on the former. Andy Burnham, Secretary of State for Culture, Media and Sport, asserted: "It is not just about copyright or intellectual property but [things like] taste and decency in the online world. The time will come to say what are the direct interventions [needed, if any]."

In late October 2008, Lord Mandelson, working on the Digital Britain Report, made the unprecedented step of leveraging the developing global financial crisis to once again reinforce the idea that protection of the current major players in the copyright industry was vital to the UK economy. Lord Mandelson stated: "For the present financial and banking crisis, Britain must get through the worst and prepare for the upturn. The digital economy will be central to this. The Digital Britain Report will lead the way."

This was followed shortly by Mr Burnham making a speech to the new "super" lobbying group, UK Music, which was formed to unite music industry lobbying behind a maximalist line. He announced that this is “a time that calls for partnership between government and the music business as a whole: one with rewards for both of us; one with rewards for society as a whole. [...] My job—government’s job—is to preserve the value in the system.”

As the global economic crisis deepened in the closing stages of 2008, other special lobby interest groups joined in by producing highly speculative and flawed studies showing that, for example “unless ways are devised to encourage infringers to legal alternatives, the retail industry risks further job losses along the scale of the 30,000 already lost at Woolworths” and “creative industries employ 400,000 people, and [it is] estimated that piracy costs up to £1.5bn in lost revenue each year" - further nailing home the idea that the traditional "value" in the system can and should be "protected".


A pantomime sets the scene for an Act

On 2 April 2009, Lord Andrew Lloyd Webber launched a House of Lords debate on online piracy. He warned of “cataclysmic consequences for all the creative industries if this area remain[ed] unregulated” and that “children's future livelihoods [were] being compromised by inaction”. Playing to the fear and technological naiveté of the company present, he stated: “Illegal file-sharing spreads viruses and inappropriate, and unexpected, content for minors. There are even dire predictions that the internet will grind to a halt over the next few years. Dealing with piracy removes that threat”. Lord Lloyd Webber’s argument, much like Lord Brit’s “stealing music in digital form is just as immoral as stealing a CD from Tesco", is a fallacious argument which only serves to skew the debate.

In June 2009 the UK Department for Business, Innovation and Skills (BIS) then launched a post-Digital Britain consultation on proposed “technical measures” to interfere with the internet connections of “pirates”. Disconnection was not an option, and BIS announced: “To be absolutely clear - there is no intention to require ISPs to monitor the activity of their customers.”

But two months into the consultation, Lord Mandelson was reported to have met with music industry mogul, billionaire and DreamWorks film studio co-founder, David Geffen, and just two weeks later, on 25 August 2009, BIS interrupted its consultation. “Our thinking has evolved" it announced. “The previous proposals, whilst robust, would take an unacceptable amount of time to complete in a situation that calls for urgent action” and, if given the power to amend UK law himself, “the Secretary of State [Lord Mandelson] can do this much quicker”. Most worryingly, BIS did a U-turn on their position on disconnection: “Some stakeholders have argued strongly that none of those technical measures is powerful enough [...] We are considering the case for adding suspension of accounts into the list of measures that could be imposed.”

Evidence then emerged that the BPI had been the source and author of an amendment accepted in the House of Lords forcing ISPs to block access to entire websites accused of hosting copyright-infringing material.

Incidentally, March 2010 also saw allegations of “bullying” by rightsholders and law firms that had streamlined the enforcement of copyright against ordinary internet subscribers.

At this point, some European and UK trade unions (including the TUC and Unite) supported New Labour’s maximalist efforts. The BPI chimed in, claiming, “we're approaching a tipping point where investment in our talent will dry up due to mass illegal downloading.”

Even so, in the days leading up to the passage of the Bill, the wheels looked like they might be falling off; public criticism of the Bill was tremendous as the Facebook group "Against the Digital Economy Bill" exceeded 25,000 members, and MP Stephen Timms, dubbed “Minister for Digital Britain”, bemused onlookers when he wrote that IP address stood for "Intellectual Property address". Yet, it can be concluded that the government used the exceptional circumstances (impending dissolution of Parliament) to force the Bill through “wash-up” without proper debate and with most MPs away, campaigning in their constituencies. The Digital Economy Bill squeezed into law as New Labour was kicked out of office.


Please return to your seats for the start of Act II

 The maximalist lobby has now shifted its attention internationally. Pushing the Anti-Counterfeiting Trade Agreement was its global summer project, and the Open Rights Group's latest FOI requests show the BPI pushing the new UK government to lobby the European Union on its behalf.

The UK is still waiting to see what will be done with the Digital Economy Act. The Lib Dems have called for its repealBT and TalkTalk have won the right to a judicial review of the Act; Ofcom is struggling to ready a legitimate and fair ‘Initial Obligations Code’ through which the Digital Economy Act is expected to be enforced.

This Act, as ever, remains infuriatingly unpredictable. Stay tuned.

Image: CC-AT-SA Flickr: misstraceynolan (Tracey Nolan)

The year without the BPI

I used to spend £50 a month on music. Six months into my boycott of BPI, I examine who gains and loses - and how much.

About six months ago, when the Digital Economy Bill became the Digital Economy Act, I decided to try a little experiment: for a year, I was going to live without the BPI. That meant not buying any music released on a BPI-affiliated label, or downloading any such music - if I was going to do this, I was going to do it by the book.

I wanted to know what effect this would have on my music-buying habits: would I spend more or less; how would I find out about new music; would I find artists I otherwise would not have found; and would there be artists whose music I would regret not being able to buy?

Now, in the six months leading up to this experiment, I was spending an average of £50-60 a month on music. I was buying music from a fairly varied range of sources: impulse buys at the supermarket, the occasional Amazon order, CDs directly from artists at gigs and from buskers in the street; and I was maybe downloading a couple of albums a year off the Internet - mostly torrents.

My music taste isn't exactly compatible with the charts these days, but there were a couple of reasonably successful artists whose music I was buying. I'm talking Sting and Florence & the Machine here, not Leona Lewis. At the same time, I had already started paying a lot more attention to where my music was coming from, as artists like Amanda Palmer and The Indelicates had publicised the difficulties they were having with their respective labels. So the transition to boycotting the BPI was actually a lot smoother than it might be for some people.

Here are some of the key things I've discovered over the last six months.

  • The amount of money I spend on music has gone down significantly. This is not necessarily exclusively down to boycotting the BPI (I've had tech issues which make managing music more difficult, and my household spending priorities have changed slightly), but the experiment certainly plays a role, in a number of ways which we'll come to.
  • Where previously I might have spotted a CD in the shops that I fancied, or seen a YouTube video and ordered the album from Amazon, that is now mostly not happening. The kind of music sold in shops or on Amazon tends to be by signed artists on BPI-affiliated labels.
  • As an extension of the above, I have this assumption in my mind that if I hear of an artist through anything even remotely resembling mainstream media (the Mercury Prize, the BBC's coverage of the major festivals across the summer), that artist must be with a BPI-affiliated label and is thus off limits. A good example here is The XX who won the Mercury Prize for their album - which was not released on a BPI-affiliated label. I only found this out accidentally and would otherwise never have considered buying the album.
  • Finding new music that I can buy takes longer. It actually takes a conscious effort to look at artists' websites, or at places like Corporate Records, listen to samples, and decide what to buy. I don't always have the time and energy to do that, which is another reason my spending on music has decreased.
  • As a result, I have tended to stick to artists I know. I have bought nearly everything I could get my hands on by Amanda Palmer, Zoe Keating, The Indelicates and Bitter Ruin - simply because these are artists I know and like whose music is not released on BPI-affiliated labels. Sometimes I will check out artists recommended by some of these people, but again, that takes time and effort.
  • Where artists have put their music online for free, I have been careful to listen to it online but not download a copy unless I'm paying for it. It just feels like the right thing to do, even if people like Steve Lawson positively go out of their way to encourage me to download their music for free.
  • I have been paying a lot more attention to second-hand CD stalls and picking up the occasional impulse buy from there. It's a legal way of buying BPI-released music, without paying the BPI for it. It's far from ideal as artists don't get their dues from second-hand sales either, but what's a Red Hot Chili Peppers addict to do?
  • Finally, there have been a number of regrets: artists whose music I would really like to buy but can't, at least until the year is out. None of them have been big-name artists. They've been the people who are signed but don't quite get the support from their label that they deserve and as a result stay on the fringes of the music business, never making it really big. They're people like Regina Spektor whom I went to see live, and Melissa auf der Maur, who is doing all sorts of funky things with the way she's releasing her music but is still with a BPI label unfortunately.

Now at the half-way mark of this experiment, the major conclusion I seem to be drawing is that, while the BPI will hardly notice my missing dollars, it's the small acts either side of the signed/unsigned threshold—people like The XX or Melissa auf der Maur—who will. This is unfortunate and very much not the intended effect. I will still stick with the experiment for another six months (expect a progress report then!), but there's probably a better model for hitting the BPI without penalising artists.

In the meantime, if you want to play along at home, BPI Radar (and the companion RIAA Radar) is a really good place to start.


Milena is an economics & politics graduate, an IT manager, and a campaigner for digital rights, electoral reform and women's rights. She blogs at and tweets as @elmyra.

Image: CC-AT Flickr: StartAgain (Gary Denham)

Data protection: myths and misses

The EU Data Protection Directive has been around for 15 years, and is now up for revision - but what is it, and how is it relevant to you?

From the Tech and Law blog, based on a talk at BarCampLondon8.

Here are a dozen common statements you may have heard about data protection. That doesn't mean they're true. 



1. “Data protection law aims to protect people’s privacy.” - False

Or rather, half false.

The law was meant to encourage the free movement of data within the EU by harmonising national EU data protection laws while protecting "to a high level" people's fundamental rights, particularly privacy, in relation to the processing of their personal data "wholly or partly by automatic means".

It tries to do this by requiring EU states to make data "controllers", those who decide the "purposes and means" of automated processing of personal data, to register with data protection authorities and to process personal data only in compliance with a set of data protection principles, such as processing personal data fairly and lawfully.

There are other laws which can often better help protect privacy - those on confidential information in the UK; electronic communications privacy rights under the Directive on Privacy and Electronic Communications; the right to respect for private and family life, home and correspondence in article 8 of the European Convention of Human Rights, which in the UK has helped evolve a right to prevent the misuse of private information; and the EU Charter of Fundamental Rights. The Charter actually sets out separate rights to respect for private and family life, home and communications, and to the protection of personal data.


2. “Laws across the EU provide the same level of data protection.” - False

The Directive was meant to harmonise data protection laws across the EU, but it's not what's called a "maximum harmonisation" measure, so individual countries are free to go beyond its minimum requirements, and some have.

Whose data gets protected can vary. The penalties for not following the data protection principles can be vastly different across countries too, from a wag of the finger in one country to jail time in another.


3. “Personal data” is… well, private information about a person, surely?" - False.

It's "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."

That's really wide, and it's meant to be. It could be a name, social security number or NHS number, photo, video, voice; anything objective or subjective relating to an identified or identifiable human being. "The man in the black suit waiting at this traffic light" could identify someone.

What's "personal data" depends not just on its content but on the context too, such as why it's being processed, and the potential impact the processing may have on the person. The value of a house isn't personal data if it's used only to show average property prices in the area, but it is if it's used to work out the owner's tax liability.

But the UK courts have narrowed down the scope of "personal data", which under the UK Data Protection Act 1998 was already narrower than under the Directive anyway, by saying data "relates to" someone only if it affects their privacy. Just because a document mentions someone by name doesn't mean it's automatically their "personal data". The European Commission reportedly weren't impressed, but although they've taken the UK to the second stage of infringement procedures because they don't think UK law properly implements the Directive, their second stage issues don't seem to include the scope of "personal data".

It's also worth mentioning that certain "special categories" of personal data, considered to be particularly sensitive, get more protection under the Directive. For instance, "explicit" consent may be needed for their processing. These include personal data about political opinions, religious beliefs, sex life, race or ethnic origin, and of course, health data. Even trade union membership is included. Interestingly, however, data about finances would not be considered "special category" sensitive personal data.


4. “'Processing' personal data involves doing something with it.” - False

"Processing" personal data under the Directive includes just looking at it or accessing it, communicating it, holding or storing it, uploading or downloading it, recording, editing or deleting it - pretty much anything you can do with it, as long as it's done "wholly or partly by automatic means", eg through using a computer, mobile phone, iPad, ebook reader...

That includes publishing or even viewing personal data on a website, sending emails, etc.

Manual processing is caught only if the personal data is in a structured filing system, which might include an address book. Furthermore, in the UK, official health records are included, as are hard copy paper records held by public authorities, so long as they contain "personal data" of course.


5. "You can process personal data freely if it's already public knowledge." - False

Personal data that's publicly available, such as email addresses published on the internet in newsgroup postings, is still personal data, and is generally still protected under data protection laws.

In Finland, the tax authorities publish income and tax data. A company set up a service whereby you could send an SMS text to a number with someone's name and area of residence, and get back info on their income and assets. Could the company  escape data protection regulation because the data was already public? The European Court of Justice thought that processing public domain personal data still involved the processing of personal data within the scope of the Directive. However, as a separate matter, they said the company could nevertheless take advantage of an exemption if the Finnish court decided that it applied.


6. “Only personal data of EU residents is protected.” - False.

Actually, EU regulators generally take the view that everyone's personal data should be protected, EU or non-EU.

Whether in practice an EU country would take the trouble to follow up a data protection breach if the personal data involved wasn't that of its own citizens or residents is, of course, a different matter.


7. "Only EU organisations are caught by EU data protection laws." - False

For starters it isn't EU, it's EEA - this Directive applies across the EEA, not just the EU, so it's good in Norway, Iceland and Liechtenstein too.

Furthermore, it's not just organisations that are caught. People can be data controllers too, if they control the purposes and means to automatically process personal data. 

It's just that there's a let out, what's often called the "household exemption", for people who process personal data "in the course of a purely personal or household activity". In 2003 the European Court of Justice said that this means "activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people."

If you wonder about that last bit and how it affects developments like blogging, social networking and micro-blogging sites such as Twitter, well so do we all. On a strict view, you could become a data controller just by publishing personal data on a blog or social networking site which is public access or which search engines can index. Tightly limiting access to the information only to "self-selected contacts", eg publishing on a private blog, should, however, be okay.

Additionally, other exemptions from data protection law include national security, defence and law enforcement - as expected.

Finally, the Directive catches data controllers who are "established" in the EU, for example, residing or with an office here and who process personal data in the context of their EU activities, or who are not established in the EU but "make use of equipment" in the EU otherwise than for transit through the EU. These data controllers theoretically should be required to comply with EU data protection laws wherever in the world they process personal data, whether the personal data is of EU people or non-EU people.

The "making use of EU equipment" element is how EU regulators say that the Directive applies to US advertisers who plant cookies and the like on the computers of web users living in the EU. This approach is not uncontroversial. Some feel that if the EU wants to catch non-EU organisations or people who deliberately target their services at people in the EU, the EU should say so, rather than adopting the misleading device of "using equipment" in the EU and perhaps straining its meaning.


8. "You can easily get hold of all documents an organisation holds that contain your personal data." - False

You're getting the picture now, aren't you?

In the UK, it's not that easy. You have to ask for the information and, unlike most freedom of information requests, you have to pay a fee for it - currently £10. In the case of many organisations which don't know the law, you may also have to convince them that yes, you actually are entitled to the information.

Your subject access right, as it's called, isn't a right to documents; it's a right to find out certain information they hold about you and your personal data. They can't just refuse to give you the information because it's in a document which contains other info that you're not entitled to see. They can blank out or edit out the other stuff, and they should.

Last resort, you could complain to the UK Information Commissioner's Office. They do the best they can, but the government doesn't give them as much funding as many feel they really need in order to do their job properly, so they're stretched more thinly than they perhaps should be.

Don't forget though that the UK courts take a rather restrictive view of what qualifies as personal data, as mentioned above, so you may not get much information for your tenner.

9. "If someone processes your personal data without your consent

  • you can get compensation 

  • they're committing a criminal offence." 

- False x 2

Remember the data protection principle that says personal data must be processed fairly and lawfully? For that requirement to be satisfied, one of a set list of conditions has to be met, and in addition, the processing has to be fair.

Consent is one of the listed conditions, but it's not the only one. There are other grounds which a data controller can use to legitimately process your personal data, such as the processing being necessary for the performance of a contract you entered into.

So, refusing or withdrawing your consent would put the data controller in breach of data protection laws only if your consent was the sole legitimate basis for their processing.

Say that consent is the only legitimate basis for processing and you refuse it, but they process your personal data anyway. Surely you can get compensation in that case?

Nope. Not in the UK. The Directive requires member states to provide compensation for anyone who suffered damage as a result of an unlawful processing operation, but in the UK, "damage" is taken to mean financial damage. You can get compensation for distress only if you also suffered damage, or if the processing was for special purposes (mentioned at 12 below). It's not easy to prove financial loss resulting from breach of data protection rules, of course, and very few people have managed to win any compensation in the UK. Movie stars Michael Douglas and Catherine Zeta-Jones won only a token amount for this element when unauthorised photos were taken at their wedding, the automated aspect involving the photos being transmitted by ISDN, viewed on screen and published on a Hello! magazine website.  One of the reasons the European Commission moved to second stage infringement proceedings against the UK in relation to the Directive is because they take the view that in the UK "The right to compensation for moral damage when personal information is used inappropriately is also restricted."

What about a criminal offence? In the UK blagging, obtaining or disclosing personal data, is a crime if it was done knowingly or recklessly without the consent of the data controller. That's right, the data controller, the person who holds the data - not the person the data concerns. But it's only punishable by a fine. There could be power to imprison people for this, but the government haven't brought it in yet.

You could always try asking the Information Commissioner's Office to do an assessment of processing that you think is unlawful if you've been directly affected by it.


10. “You can stop others from processing your personal data if you don’t want them to.” - False

In the UK, you can only stop your personal data from being processed if -

  1. It's direct marketing - you do have the right to stop junk mail and spam.
  2. Decisions are made about you, which "significantly affect" you, based only on automated means, such as insurance decisions. You can ask for review by a human and find out the logic behind the automated decision, but there are exemptions, as you'd expect.
  3. The processing was based on certain, very limited grounds (like where the processing was necessary for the legitimate interests of the controller or third party receiving the data) and is causing or likely to cause you "unwarranted and substantial" damage or distress.

Of course, if the only basis for the processing was consent, you can stop the processing by withdrawing your consent, as mentioned above.


11. “Posting other people’s personal data on Facebook etc is fine.” - False

That's processing personal data by automatic means. If you "determine the purposes and means" of the posting, which you will do as you've decided to post it there for your own reasons, you may be a "controller". (Facebook may be too, but that's a different story.)

Most of us would try to claim the household exemption, but if you have 10,000 "friends" it starts to get a bit harder to say that it's purely personal and domestic. And if you're doing it for work purposes, you can't use the household exemption (although another exemption may help - see 12).

Back in 2003 a Swedish church worker published on her personal website some info about her and some colleagues which described, in a mildly humorous manner, the jobs held by her colleagues and their hobbies. In many cases family circumstances and telephone numbers and other matters were mentioned. She also stated that one colleague had injured her foot and was on half-time on medical grounds.

She hadn't told her colleagues or got their consent and she hadn't notified the Swedish data protection authority, but she took down the pages once she became aware that they "were not appreciated" by her colleagues. She still got prosecuted and fined for not notifying as a data controller and for processing sensitive personal data without consent. The case went all the way up to the European Court of Justice, but she was out of luck. The regulators here are maybe more likely to go after the bigger fish, but who knows. Don't say you weren't warned.


12. “Journalists and bloggers can freely publish personal data.” - False

There is a "journalistic exemption", which some may be able to use to process personal data even if they can't take advantage of the household exemption.

Obviously investigative journalists need to be able to record and publish personal data on the people they're investigating without having to let on that they're under the microscope by asking for their consent.

But the exemption goes wider than that. If you process personal data "solely for journalistic purposes or the purpose of artistic or literary expression", you may be able to benefit from this exemption.

However, it's not an absolute unrestricted exemption - freedom of expression has to be balanced against the right to privacy, and sometimes privacy trumps free speech. It really depends on the circumstances.

One good thing about this exemption is that the European Court of Justice have said that "journalistic purposes" is "the disclosure to the public of information, opinions or ideas" by anyone "engaged in journalism", not just the traditional official media. So bloggers may be able to use it too. 

The bad news is that in the UK this broad exemption for journalistic, artistic or literary purposes, which UK law calls "special purposes", has been cut down. It only applies in narrower circumstances. For instance, it can't be used unless the processing is with a view to publishing journalistic, literary or artistic material and the data controller reasonably believes that the publication would be "in the public interest".


And finally...

The European Commission is going to propose a modernised version of the Directive next year. It recently issued a Communication (see FAQs) outlining its strategy and approach.

If you have views and want to respond, the deadline is 15 Jan 2011.

Here's a more memorable URL for the consultation - There was a previous consultation in 2009 before the publication of the Communication, to which there were quite a few responses, which make interesting reading. ORG contributed to the EDRI response.


More info

The UK Information Commissioner's Office has a very good website. Check it out. Their response to the Ministry of Justice's call for evidence on data protection in the UK, which the UK will take into account when it is negotiating the expected updates to the Directive, is also worth a read.

EU data protection authorities the Article 29 Data Protection Working Party have produced various opinions and guidance, such as on social networking, search engines, transfer of passenger name records outside the EU, and online behavioural advertising. 

Image: CC-AT Flickr: rpongsaj (Rob Pongsajapan)

Love virtually

It is estimated that more than 20 million people visit dating websites each month. How can we explain this surge in their popularity? Laura MacPhee offers a critical assessment of the benefits and drawbacks of online dating

My instinctive scepticism about online dating is probably testament to the power of the entertainment industry. How many great love stories begin with the entry of one’s vital statistics and credit card details into an online form? Jane Eyre probably wouldn’t have looked twice at Rochester’s profile. Then again, he would probably have had the wit to use Photoshop, merely deferring her disappointment.

What would have happened if Juliet had been able to exclude the House of Montague from her search results? She might have saved herself a lot of trouble. Perhaps there is something in this online dating lark after all.

There must be some reason why this is one industry which seems virtually recession-proof. In times of hardship we look for glimmers of optimism, and this seems to be what online dating companies offer. They proclaim that anyone can find love, and, drunk on this possibility, we all seem to have signed up.

It is hardly a new concept. The first personal ad appeared in the Manchester Weekly Journal in 1727. Admittedly it could have been better received. The “lonely spinster” involved spent the next four weeks in a lunatic asylum. Of course that wouldn’t be possible today - we'd have a serious problem of overcrowding on our hands.  

Be that as it may, printed ads never enjoyed the same popularity as their digital progeny. The ease with which one can sign up to a dating website and "browse" potential suitors is undoubtedly an attraction. The promise of confidentiality seems to have erased much of the embarrassment users might feel about employing such services.

But what leads people to use them in the first place? Whatever happened to meeting potential partners at social events, or in the office? A banker friend of mine illuminated this point for me over brunch one day:

“Laura,” he said, pouring syrup over his pancakes. “I simply don’t have time to meet women. I am tempted to try one of these online dating agencies.”

This is the plight of young professionals who have to work unseasonable hours to build their careers. If they are not already in relationships when they enter their careers, there are limited opportunities for embarking on them. This has prompted the rise of websites such as and

I may be being naïve, but I felt that this suggested a more rudimentary difficulty. If he didn’t have time to meet women, how did he propose to sustain a fulfilling relationship? I wasn’t suggesting that he sacrifice our Sunday brunches together, but it did seem difficult to reconcile. As the old cliché runs, relationships (and fledgling relationships in particular) take work. Likewise, work takes work. He seemed to be a victim of the culture which declares that we can have it all, and if we don’t, we have somehow failed. Dating websites seem to feed off such insecurities, and what a feast it is.

Niche dating websites are becoming increasingly popular. When one types “Dating websites” into Google, Instant inserts the word “for” afterwards. Whether you are a tennis enthusiast, a millionaire or an “ugly person”, there is an online dating website for you. For the most part these seem harmless. Indeed it offers an efficient way of finding like-minded people, with whom one would presumably be more compatible. However, I was horrified to discover that one of Google’s first suggestions is “dating websites for married people”. It seems repugnant to operate a company whose aim is promote infidelity. Call me old fashioned.  

I imagine privacy is even more of a concern for such websites’ philandering patrons than it is for other online daters. Privacy and security are two major issues. The internet is an open resource, and when we enter personal information onto the web, we do make ourselves vulnerable to misuse. Dating websites must publish their security and privacy policies, which prudent users would be advised to read. It is important to note such information as whether the company will share your information with other agencies. It is the responsibility of users to ensure that they feel comfortable with the amount of information they are providing. Most websites will allow you to create an account even if you have not completed every field, or included a photograph.

Another clear risk is the uncertainty inherent in the online community; there is no guaranteed way to verify information. This can be problematic when it comes to trivial things such as hair colour, or graver issues such as age. Most dating websites require that their users are over 18 to ensure everyone is a consenting adult; but it is easy to misuse nonetheless.

Furthermore, users have reported disenchantment where the published photograph does not resemble the person they actually meet. Ross Williams, the founder of Global Personals, has come up with an innovative solution to this – his website uses “a new thing…that takes a photo using a webcam and puts a time and date stamp on it.” This should give users more confidence that what they see is what they will get.

The most serious threat is to personal safety. It is vitally important to remember that the other person is a stranger, however well acquainted one may feel. There are certain precautions which users ought to take, such as meeting in a public place, and telling a friend where they are going. Indeed, it would be wise to exercise such care when meeting up with someone you had only met once in person. With these safety nets in place, you can then get back to deciding whether you've chanced upon your soul mate.

Loath though I am to say it, online dating does seem to work. Yes, it seems sterile and mechanised. Yes it is devoid of the spontaneity of traditional romance. Nonetheless, we are never far away from hearing an online dating success story. Perhaps I am the odd one out here.

Will our generation’s great love stories all begin on I suppose what ultimately matters is that everyone lives happily ever after. 

Laura MacPhee is recent graduate of Oxford University, where she read Jurisprudence. She researches copyright related issues for the Open Rights Group. 


Image: CC-AT Flickr: aeon (Felipe Venancio)

Featured Article

Schmidt Happens

Wendy M. Grossman responds to "loopy" statements made by Google Executive Chairman Eric Schmidt in regards to censorship and encryption.

ORGZine: the Digital Rights magazine written for and by Open Rights Group supporters and engaged experts expressing their personal views

People who have written us are: campaigners, inventors, legal professionals , artists, writers, curators and publishers, technology experts, volunteers, think tanks, MPs, journalists and ORG supporters.

ORG Events