2016 – Page 11 – Panopticon

The IPSO Review

Posted on 24th February 2016 | by Christopher Knight

Like a baby found in a basket of reeds, the long-awaited review of the Independent Press Standards Organisation (IPSO) has appeared over the horizon.

Today IPSO issued a press release announcing the appointment of Sir Joseph Pilling, a retired civil servant, to conduct a review of its independence and effectiveness (for coverage of which see here). The review will be assisted by 11KBW’s own Zoe Gannon.

The terms of reference are available on its website and it is inviting submissions from the general public and key stakeholders. I suspect regular readers of Panopticon will have a lot of things to say (at least some of which will not be a Moses-based pun) and may want to get in touch.

In any event, we look forward to hearing what Sir Joseph concludes on whether IPSO is successfully regulating the press. The plan is for the review to have concluded in six months.

Christopher Knight

Anya Proops has been appointed as Queen’s Counsel today

Posted on 22nd February 2016 | by Claire Halas

Panopticon is very pleased to announce that our own Anya Proops has today been appointed as Queen’s Counsel. Anya is a leading practitioner in the field of information rights and, along with Timothy Pitt-Payne QC, was responsible for founding Panopticon. Congratulations Anya!

IP addresses – personal data?

Posted on 12th February 2016 | by Anya Proops KC

The question of how data protection rights cash out within the online environment is without doubt one of the more difficult questions which data privacy practitioners have to tackle. One major area of contention is the extent to which data protection legislation applies to ostensibly anonymous, impersonal online data. This is an issue which our own Court of Appeal considered last year in the case of Vidal-Hall v Google. In that case, the Court of Appeal readily accepted that there was at the very least a serious issue to be tried on the question of whether tracking data used by Google to track the browsing activities of Google users amounted to ‘personal data’. This was despite the fact that Google did not generally know the name of the user in question: its tracking operation entailed the tracking of individual devices, rather than named individuals. According to the Court, there was a serious issue to be tried the question of whether the tracking data amounted to ‘personal data’, particularly in view of the way in which Google’s appeared effectively to individuate end users through the use of cookie technology.

What then of IP addresses? Can they too amount to personal data, despite the fact that they may not per se themselves yield any specific name or other traditional identifier? This is the issue which the CJEU will be addressing in the forthcoming case of: Breyer (Case C-582/14), due to be heard by the CJEU on 25 February 2016. Whilst of course nothing would give me greater pleasure than to wax lyrical on the particular technical arguments which lie behind this case, I feel I must defer to this easy-to-follow analysis on EU Law Radar. But I will just point out that as long ago as 2007 the Article 29 EU Working Party was prepared to express the view that the definition of ‘personal data’ in the Data Protection Directive was wide enough to encompass IP addresses (see its Opinion 4/2007). Given the current direction of travel within Europe in terms of giving online data privacy legislation some bite, it would not be altogether surprising if the CJEU took the same view.

Anya Proops

The Right to be Forgotten: big steps forward, small steps back?

Posted on 11th February 2016 | by Robin Hopkins

If you made a successful ‘right to be forgotten’ request to Google in the UK, the outcome would be that the URL you complained of would no longer appear in search results through the google.co.uk search engine. However, by simply using the .com version of the browser instead, that outcome would be neatly sidestepped: the offending URL would appear in the search list against your name, unaffected by your exercise of your right to be forgotten.

Google has announced today that, as requested by the ICO among others, it will change that practice and introduce consistency across the versions of its browser. Continue reading →

Investigatory powers and privacy

Posted on 9th February 2016 | by James Goudie KC

The Government’s draft Investigatory Powers Bill has been criticized by Parliament’s Intelligence and Security Committee, chaired by former Attorney General, Dominic Grieve QC MP, in a Report published today. The Committee is “disappointed to note” that the Bill does not cover all the intelligence and security Agencies’ intrusive capabilities, and that the draft Bill fails to provide a clear and comprehensive legal framework to govern the use and oversight of investigatory powers.

Continue reading →

Indiana Jones and the EU-US Privacy Shield – Updated

Posted on 3rd February 2016 | by Christopher Knight

Just like the Ark of the Covenant, the Holy Grail, bizarre alien crystal skull things and whatever it was they were looking for in the Temple of Doom, there is another object of great supposed power and endless fascination. Known only as the ‘EU-US Privacy Shield’ – to be wielded with the mighty Sword of Data no doubt – it is rumoured to have the ability to prevent secret intelligence-harvesting, solve personal data disputes and single-handedly rescue inter-state trade. Like a less exciting Corby trouser press. And now this amazing artefact has been uncovered, by the European Commission no less, buried at the bottom of a Brussels file marked ‘Desperate Ideas to Buy Time’.