Blame it all on my roots

This month has seen two very different stories about emergency legislation emerge on either side of the Irish Sea. Here follows the results of my ruminating on the stories (my word of the week after seeing a professorship in non-ruminant science advertised).

In the UK, the Data Retention and Investigatory Powers (“DRIP”) Bill is before the House of Commons today.  After a debate on timing, at lunchtime today, it was agreed that all ‘stages’ be taken today. (Normally, legislation gets a broad second stage debate, consideration over a longer period (line by line) in a committee, and a final Commons stage).  It’s due before the House of Lords tomorrow.  Given the strong support for the truncated timing given by MPs earlier today (only 50 or so voted against), it’s very likely that the Commons will say yes – what the Lords make of it is to be seen.

I signed a letter about this legislation, which has provoked some interesting coverage (e.g. here, here and here).  I think that the Government is making a mistake in how it’s handling this legislation. It’s well known that the Court of Justice of the European Union found the Data Retention Directive invalid as a matter of EU law in April.  As Judith Rauhofer and I pointed out in our editorial (see part 4), this raised significant questions for the future of national measures adopted on the basis of it, as well as similar replacement measures. The CJEU declared the Directive invalid immediately and also made important points about what safeguards were required as a matter of EU law, including human rights.

Now this could have been a good opportunity for sober consideration of how to draft a new scheme, compatible with EU law and the European Convention on Human Rights, and informed by the engaging public debate on surveillance, security and technology. But readopting the bulk of the EU measure (without necessarily restoring lawfulness), along with some separate ‘clarifications’ (which may have merit in themselves or at least be the basis for further debate), is not a way for Government to establish and defend the legitimacy of data retention and surveillance. It’s inadvisable that this be construed as an emergency.  It’s clearly a matter of national importance and I do see the significance of the arguments put forward on the need to have a well-regulated system of intelligence and investigation. And something did have to be done after the CJEU’s decision – doing nothing would be, in my view, still a mistake.

But after the last few years of Snowden, the NSA, Wikileaks, well-founded fears about technological development and all that, now is the time to build support and trust. (The sad thing is that for a lot of people who don’t follow Parliament closely, they are paying attention today and not really seeing democratic deliberation at its best).  Today hasn’t achieved the goal of establishing trust and legitimacy, and I’d encourage readers to contact members of Parliament (especially the House of Lords) asking for a proper, careful debate.

Meanwhile, in Ireland, emergency legislation was one of the many proposals put forward to deal with a licensing decision (under the Planning & Development Acts – see part XVI) by Dublin City Council. The decision was significant because it pertained to proposed concerts by Garth Brooks. Promoters had already sold tickets (“subject to licence”) for five concerts at Croke Park (the largest stadium in the city), but the local authority only granted a licence for three.  (The full reasoned decision is published here).

One point that seemed to annoy some people was the inability of elected representatives to override this decision. A fair point, if one disregards the sorry history of planning corruption in Ireland and the need to apply the law in a consistent and transparent fashion. So with that in mind, ‘emergency legislation’ was proposed (one Bill was even drafted by an opposition member of the Dáil). Again, I’m not saying that the law is perfect – the controversy has highlighted some areas for procedural change in particular (I taught a course on entertainment law last year – and hereby offer my free services to any official body in Ireland that wants some suggestions).  Nor am I unsympathetic to the disappointed ticket-buyers (not least because, having been a teenager in 1990s Ireland, I truly understand that he has a serious fan base – in my day, local radio playlisters first and foremost). But for a licensing system to have credibility, responsible authorities have to be able to say no as well as yes; the sale of tickets for what is at the time an unlicensed event shouldn’t affect this. So while it can be tempting to call for a new law, that also deserves proper consideration – of models from other jurisdictions, for example.

Fortunately, despite a lot of posturing, the Irish parliament didn’t go down that route, and it looks like the concerts aren’t happening at all.  Here are some interesting things to read on the topic: Fergal Davis, Rebecca Moynihan & Jane Horgan-Jones, Gene Kerrigan.

Ten things to read about today’s data retention decision

I am a fair-weather blogger, and so I cannot remember the last time I had so many visits or retweets in a day.  Piggybacking on the unexpected traffic boost, here are ten things worth reading (from various sources) about the reason for that traffic – the finding by the Court of Justice of the EU that the Data Retention Directive is, on human rights grounds, invalid.  (My own post, Data retention parrot, is here).

I had plenty to choose from in putting this list together – fortunate that the decision was published when many of us legal academics are not teaching?

  1. The decision of the Court.  The early pages are taken up with reproducing the provisions of the legislation, so if you are familiar with the Directive, those pages are most skippable.
  2. Fiona de Londras, professor at Durham Law School, writing at Human Rights in Ireland. Special mention: discussion on whether “a more tailored, narrower approach” might survive scrutiny if the Directive is to be replaced (see also her lessons for the US, posted at The Conversation).
  3. “Cybermatron”, an expert in this field, writing on her blog. Special mention: highlighting weaknesses in the decision, including where the Court may have underappreciated the significance of the legislation and of this challenge.
  4. Steve Peers, professor at the University of Essex Law School, writing on his blog EU Law Analysis. Special mention: analysis of the current status of the (invalid) Directive, and options for states and the EU from this point on.
  5. Paul Bernal, lecturer at the UEA Law School, writing on his blog. Special mention: how the decision sits within the wider debate on and advocacy for privacy.
  6. Karlin Lillington, journalist, writing in the Irish Times. Special mention: the consequences for Ireland and the EU, by someone who has been instrumental in highlighting data retention practices for over a decade.
  7. Luke Scanlon, solicitor, Pinsent Masons, writing on Out-law. Special mention: impact on other legislation, including data protection present and future.
  8. Glyn Moody, author and journalist, writing for ComputerWorld UK. Special mention: explanation, point by point, of how the court’s decision relates to specific data retention practices.
  9. Gabriele Steinhauser, journalist, writing in the Wall Street Journal. Special mention: how the decision is being reported to an international audience, including the political dimension.
  10. Press release and FAQ on the decision from the European Commission (the ‘losing’ side, not that you would know that from the statement). Special mention: reading it with a straight face.

Apologies to those omitted – additional links welcome, through the comments sections below.

When Irish eyes are watching

Last year, I was invited to give a ‘response’ to two very interesting papers at a seminar of the British Association for Comparative Law. The papers, by Paula Giliker and Elspeth Christie Reid, were on the evolution of breach of confidence and privacy, primarily in relation to England and Scotland. (Eric Clive wrote up his notes from the day here).

The papers, including a developed version of my comparative comments, are now being published in Juridical Review. A slightly earlier version of my contribution is available on SSRN through the University of Edinburgh School of Law Working Paper Series (here’s the series, and while there why not also download my colleague Judith’s latest paper on big data and small government…).

My article is a short one, and the main thing I hope it does is remind some UK-based readers of the interesting things that have happened in Ireland in relation to the privacy cause of action. I do spent a good deal of space talking about Sullivan v Boylan [2013] IEHC 104, which is a particularly useful contribution to the English and Scottish debates on how to handle the evolving questions of privacy and confidence. I also talk a bit about New Zealand.

Beyond breach of confidence: an Irish eye on English and Scottish privacy law

This article is based on comparative comments (with special attention paid to Irish law) presented at a seminar on breach of confidence and privacy. It is first argued that a continuing uncertainty regarding the role of statute in relation to privacy is common to the development of doctrines in both England and Scotland, with similar anxieties present in other jurisdictions. In the absence of statutory clarity, the questions arising out of debate on the nature of the cause of action, and the consequences of variation in definitions of “privacy”, are considered – with special attention to developments in Ireland and New Zealand. The relationship between the evolution of breach of confidence and the human rights framework is also noted. Finally, the prospects for law reform and/or convergence across jurisdictions in the United Kingdom are assessed.

(Sorry if you expected this post would be about this; words fail me on that subject, I’m afraid).

PSA: Hibernian Law Journal 2013

With permission, here is a recent email I received from the editors of the Hibernian Law Journal.  You can contact the journal via email.

Established in 1999, the Hibernian Law Journal is a legal journal co-ordinated by trainee and qualified solicitors. Its multidisciplinary focus facilitates detailed argument and discussion on a wide range of topics such as e-commerce, environmental law, the European Convention on Human Rights, intellectual property, public private partnerships, criminal law, child law and financial services law. All legal topics of domestic, European and international law are considered provided that they are relevant in an Irish context.

The Editorial Committee is now accepting submissions for the 2013 edition. The Hibernian Law Journal offers an excellent opportunity for legal scholars to have their work published in an academic forum.

The following guidelines apply to submissions:

  • Length should be between approximately 5,000 and 15,000 words.
  • The article must not have been published elsewhere, although the article may be a thesis which is bound and catalogued in a university library.
  • The topic should be thoroughly researched and footnoted.
  • Articles may be on any legal topic of interest to the author.
  • Articles are due by 31 October 2012 (although exceptions may be made in individual circumstances).

 

Cyberlaw at the Society of Legal Scholars

I’m at the annual conference of the Society of Legal Scholars, where I’ll be convening the Media & Communications section later in the week.  Yesterday, though, I had the pleasant opportunity to sit back (or lean forward) and listen to the papers in this year’s ‘cyberlaw‘ section.  Here are some comments on the papers (not all I’m afraid due to coming and going from the room).

Uta Kohl (Aberystwyth): on intermediaries.  Currently working on a ‘trilogy’ of articles on connectivity, navigation and hosting Intermediaries. There are two theoretical influences here: Spar’s work on phases regulation (e.g. from Ruling the waves 2004) and Foucault’s use of Bentham’s panopticon work.  Intermediaries are key to the system, ie you cannot have regulated online environment without the regulation of intermediaries. They are key players in these debates. Connectivity, navigation (a key facilitator) and hosts. Judges taking a different approach to what they can ‘make’ intermediaries do. Attractive because there are so few of them. Also in transnational context.

There has lately been a change of regulatory mood; specifically mentioned the 9th Circuit decision re roommates.com and the comments on unfair advantage over offline equivalents. In general, immunities are hardly ever used, preference for general law of the land.  Use general law to favour intermediaries instead of the special provisions, or don’t find them applicable at all. Integration into economy supports Spar hypothesis.  Noted that full paper reviews different topics e.g. defamation, copyright, competition.  In the case of copyright, liability and blocking obligations are being separated (Newzbin and EU law) and there are other developments (Australian cases).  Existence of Cleanfeed influences copyright changes.

Paul Bernal (UEA): on the right to be forgotten in the US, EU and UK.  There has been a tension between EU and US in this field for a long time (with the UK quite confused).  In the EU this is a key aspect of proposed reform of data protection, protecting individuals in the face of (US) corporate power. From US perspective this is a threat to free speech and the end of the Internet as we know it, e.g. Rosen in Stanford Law Review. UK is resisting the right given its existing doubts about both privacy or free speech.  So who is right? Paul talked through the actual text and argues more like a right to delete than to be forgotten.  Important is the obligations it places on others, but also be aware of all reasonable steps clause re links etc. Is this ‘seek and destroy’? What about search engines? US free speech arguments relevant here, but more broadly (i)is data speech? (ii) Held vs published (iii) Links vs data (iv) significance of ‘journalism/art/literature’ defence.

Notes that if data protected by copyright, there is already a takedown option. Data as an IP right? Objections and constitutional issues both present. Ultimately it is more about free enterprise than free speech.  Those targeting products at EU are within scope.  And although the UK does not focus on privacy and expression there is an interst in bring a good place to do business! For example, MoJ consultation focused on businesses and the burden that it would create. Would require work eg privacy by design but also challenges the business model based on keeping data.

Damien McCallig (Galway), on his ‘digital remains’ project, specifically the deceased and data protection today.  In some jurisdictions the protections of data protection law are transformed upon death. Data subject defined as natural person? The A29 Working Party opinion on concept of personal data as personality, i.e. birth to death.  He reviewed the history of data protection law with a particular focus on the Council of Europe convention 1981; it is only in 1992 that natural person is used but that was so as to exclude legal persons. Conclusion is that there is no bar to inclusion.

Within the EU: 12 include, 4 express exclude, 10 say natural persons (presumed exclusion), 1 x 30-year limit.  But even within those that do recognise, there is a lack of consistency.  Ireland and UK  start with the common law proposition that the dead have no rights. Strong criticism of inclusion in Parl Ctee work implementation of directive in the UK. In Ireland it did not arise in parliamentary debates until 2003 revision. Government said no demand at first consultation but this clearly not true.

Proposed EU regulation followed same language although latest draft would mention living persons at the urging of Sweden (which currently excludes). Pressure to finalise soon (perhaps even during Irish presidency).

Michaela MacDonald (Queen Mary) discussed virtual assets, within environments ranging from Facebook to Second Life to World of Warcraft.  Key problems associated with virtual currency purchased with real-world currency and then used as means of exchange.  However the regulatory dimension includes EULAs (contracts of adhesion).  The focus of the talk was theft-related incidents and decisions (Chengwai situation in China, R v Mitchell in UK, Dutch supreme court consideration of Runescape).

Kim Barker and Olga Jurasz (Aberystwyth) – misogyny in gaming. While there is some awareness and discussion of explicit content there is also a need to consider predation, violence, etc.  This is in public eye again for various reasons (including Habbo Hotel investigation on C4), and also targeting of women (e.g. Anita Saarkesian, had Tropes vs Women Kickstarter project, drew extreme reaction including abuse on wiki page and even game to ‘beat up’ her image. While there is some work on cybercrime (Brenner, Kerr etc) that assists in understanding, and old situations from Internet studies (LambdaMoo), new situations emerge (ageplay in Second Life).  A key problem is that cybercrime (including academic work) focuses on different issues ie property, pornography.  The problems they have found are rooted in virtual real world framework but same problems re enforcement, public attitudes, etc.

So we must be aware of selectiveness in regulation; some issues (children) receive attention in the Cybercrime convention so why not violence against women, do we pick and choose?  Then, some comments on virtual harms and the dispute over violent acts in virtual worlds, with responses ranging from catharsis to online/offline mirroring (specific mention of Ryan Chinnery’s conviction).  What would the impact be of a human rights framework or even language?  Discussion too of Jessie Daniels’ Cyber Racism.