Tag Archives: internet

Data Protection – What Are The Implications Of The Snoopers Bill And Data Retention & Privacy On Your Business?

Data Protection - What are the implications of the Snoopers Bill, data prtoection & privacy on your businessKeeping up with the election theme, the Snooper’s Charter, also known as the Snooper’s Bill, was first introduced by Theresa May in 2012 and vetoed by Nick Clegg in 2013, and has made a comeback.

The legislation is designed to support authorities to use technological advances to keep track of criminals. The new legislation will increase the powers which effectively allow the authorities and the government to force communication service providers to generate and retain information about its users for a longer period of time. On the surface, those law abiding citizens will find that such legislation will not pose a significant hindrance to their normal activities. The authorities are not going to judge you on your latest online habits unless your internet history flags up serious concerns. The secrets of your weekly online shopping are therefore probably not going to make any headlines.

For online service providers, however, there may be significant implications to their business. Below are a few considerations to bear in mind.

Definition of telecommunications operator

BT, Vodafone, EE all spring to mind. However, for the purpose of this legislation ‘telecommunications operator’ is anyone who operates an electronic communication system. This includes all internal and/or live chat functions integrated on websites and application technology. If your business falls within this category it is important to understand what you are expected to do under the law.

Legal requirements

Existing legislation stipulates that public communications providers are required to retain some types of telephony and internet related communications data, generated or processed in the UK in connection with their business, for 12 months. You can find more explanatory notes about the legislation here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/228824/8359.pdf. The new proposed legislation would extend this obligation to require telecommunications operators to obtain and retain data they would not normally retain for their business for a period of up to 12 months.

The legislation is unclear on the exact data it is seeking to obtain and is assumed to be drafted as it is as a catch-all to serve whichever purposes are deemed to be within the ‘public interest’. This can put telecommunications operators in an awkward position when it comes to compliance. SMEs as well as huge conglomerates are in the business of catering for their own needs and those of their customers, not those of the government. Expecting them to look out for all the bad things is a big ask and responsibility that a lot of businesses just don’t want on their plate. Further, this is likely to put a material strain on infrastructure as businesses will need to have space to store all this data for the required period which may well increase their overheads.

Consumer relationships

We are all now acquainted with the ‘cookie laws’ because we are prompted by a consent dialogue on most websites we visit on a daily basis. On the privacy side of things we might find it acceptable to receive the odd bit of targeted advertising and unwanted newsletters from our information being palmed off to third parties. However, the criminal perspective placed on the Snooper’s Charter might make a lot of people feel nervous as frankly no one wants to be branded a criminal.

The real problem here is that where a third party advertiser will pay you for anonymised information for the purpose of targeting products at said consumers, a data request from the authorities will likely have no commercial benefit and may even cause significant tension between you and your clientele. How the data is processed is not something that your business or the consumer will be privy to. This might deter users or even damage brand reputation in the long run. A suggestion would be to make your policies clear from the onset so that users of your brand know where they stand. Remember, no one likes to be spied not least by your shopping basket.

Cutting edge solutions for online businesses – OBIS Beta Release

Those with their fingers on the pulse of the legal services industry are predicting significant changes in the marketplace.  Whether this shift is down to the recession, technological developments, regulatory changes, or all of these combined, Azrights is ready with a cutting edge solution for clients interested in minimizing their legal fees while continuing to receive expert advice.

Our new Online Business Information Site (OBIS) offers a wealth of information on topics relevant to anyone getting a website, already online, or doing business on the internet.  OBIS is currently in beta.

Find out more About OBIS  here

Ip Addresses and Anonymity Online

In September, the Swiss Federal Court ruled that an anti-piracy company in Switzerland, Logistep, must cease collecting the IP addresses of users sharing files on peer-to-peer networks.

IP addresses are used to route communications between computers connected to the internet, and could be said to work in a similar way to postcodes.  A number of companies have previously engaged in the practice of tracking file sharers by their IP address, hoping to discourage piracy online, but the Swiss Court found that these details are personal information, and given that the data is generally collected without the consent or knowledge of the users this is in breach of privacy legislation.

It is important to note that this is not the final word on the matter, and that some jurisdictions disagree with this view, for example both Irish and French courts have in the past ruled that IP addresses are not necessarily personal information.  Consensus will involve considerable collaboration on an international level, and when reached may have a significant impact on the way people use the web.

Your IP address on its own does not identify you, and in order to match an IP address to a particular internet connection it is generally necessary to obtain a court order forcing the relevant ISP to hand over the information.  On the other hand, there are a variety of techniques which, in some cases, can shed a little light on the identity of a user from their IP address.  These are for the most part more effective at identifying larger organisations, who may have been allocated a block of IP addresses, and so be identifiable through RIPE (one of five Regional Internet Registries) or by using similar methods.  Other less accurate methods include geolocation, using  online databases such as IP2Location.  These approaches are often unreliable, and even where it is possible to identify a particular internet connection, it is not certain who was responsible for activity online as many different people might be using the same IP address by routing their communication through the same connection via a wireless network.  It will be interesting to see how this issue is dealt with in future, as many more cases are likely to arise where connecting an IP address to a particular person is central to the outcome.

This is just one of a whole host of issues that have arisen in relation to online identity, which is of growing concern as people submit more and more personal information to social networks like Facebook, and as businesses pay more attention to their reputation on the internet.

On a related note, it is not just an IP address that can connect a person to activity online.  Users of membership sites such as Twitter or YouTube are distinguished by their username – which they choose themselves, and which do not need to be their real name.  Perceived by some as a significant problem with material online, much of it is posted anonymously using pseudonyms.  If you find defamatory content online, there is more often than not no quick way to identify the culprit.  In such cases, recourse to the courts is the only option; recently a US court ordered Google to release information connected with the identities of two YouTube users who had posted videos  of a business consultant without permission, and incorporating offensive remarks about her.  If cases like these are successful and well publicised, internet users may become more cautious when making comments online.

Finally, another issue bringing online anonymity into the spotlight recently is the offensive launched by the group Anonymous against proponents of intellectual property, called Operation Payback.  The group have claimed responsibility for the bringing down of a range of websites including the UK Intellectual Property Office.  One of the principal difficulties in identifying those who are culpable for the attacks lies in differentiating malicious connections from honest ones.  The attacks are classed as distributed denial of service (DDoS), and rely on huge volumes of users connecting to the target website at once to overload it – finding out which connections are bona fide is far from a straightforward task.

There is a tension between protecting the privacy of internet users and enabling law enforcement online, and this debate is likely to rage on for the foreseeable future, so we plan to keep our eyes peeled.

13th October: The 2010 Protecting Innovation Conference

Safeguarding the New: How to Use IP Rights Effectively

Shireen Smith will be speaking on the special role of brand names, trade mark protection, and managing your brand online at this conference, which focuses on the effective protection of innovation through the prudent application of intellectual property rights.  This is a very practical conference aimed at both in-house and private practice lawyers.

Download the brochure.