End of Year Review 2023
A round-up of the legal, policy and campaigning work of Open Rights Group during 2023.
What a year! The UK government pursued legislation that weakens our digital rights, biometric surveillance expanded exponentially and World leaders attempted to grapple with (and exploit) the emergence of AI.
–
ORG fought them every step of the way with our staff, partners and supporters. So, to mark the end of 2023, we’re looking back at what we’ve achieved together.
WIDESPREAD SHARING OF PREVENT DATA REVEALED
In December ORG’s investigation into the Prevent duty uncovered shocking widespread data sharing. An FOI request revealed that the data of people who are referred to Prevent is being shared more widely than previously known, including with airports, ports and immigration services. Data is also being re-used after cases have been marked ‘no further action’. ORG uncovered this information when the Met police sent a poorly-redacted response to an FOI request and was reported in The Observer.
Sophia Akram, ORG Programme Manager, said that “the disclosure of the guidance goes one step further in showing the extent of data sharing, and the harms that could result from this. We hope this information will help the thousands of affected people to exercise their data protection rights and get their data removed from the myriad of government databases where it is held.”
TWO WINS OVER THE IMMIGRATION EXCEPTION
This year ORG and the3million defeated the government in court TWICE with representation by Leigh Day. First in March, then in December with the Court of Appeal agreeing with us that the immigration exception is unlawful.
The Home Office attempted to deny migrants the right to access their data and only provide safeguards in a policy document outside the legislation that Ministers can change at will. This is in breach of data protection law and the Court of Appeal has given the government three months to fix it.
Jim Killock, ORG Executive Director, responded that “this victory shows how important strong data protection legislation is in helping us stand up to a government that is intent on undermining human rights.”
OPEN LETTER TO END RACIALISED SURVEILLANCE
In March, we published our open letter to the Mayor and Chief Constable of Greater Manchester. Joined by 14 other civil society groups, we highlighted the injustice of the conviction of ten young Black boys known as the Manchester 10. The case shines a light not only the flawed practice of joint enterprise but also the use of music lyrics as evidence of criminal intent, even when a crime hasn’t been committed.
Sophia Akram, ORG Programme Manager, notes that this is part of a wider practice where “police forces are mining the social media accounts of young people, in order to identify them as gang members. This creation of ‘gang narratives’ based on musical expression, disproportionately impacts Black men.”
OPEN LETTER TO STOP THE DATA GRAB BILL
We brought together 26 civil society organisations in an open letter to the Secretary of State for Science, Innovation and Technology. We called for the Data Protection and Digital Information Bill to be scrapped, as it will seriously weaken data rights and could particularly harm people from marginalised communities.
Abby Burke, ORG Programme Manager, emphasised the need for “a data protection law that builds on the protections created by the GDPR not one that weakens them. People’s rights – not government control or the profits of corporations – should be the basis of any new legislation.”
PRIVACY DURING THE PANDEMIC REPORT PUBLISHED
In May, we published our report into the failures by the Information Commissioner’s Office in protecting our privacy and data rights during the Covid-19 pandemic. Our report found that the ICO repeatedly failed to take action over clear breaches of data protection law by the government.
The ICO’s decision to act as a “critical friend” meant there was a lack of transparency and accountability, excessive retention of data, missing and late Data Protection Impact Assessments, and the involvement of private companies without proper safeguards.
Abby Burke, ORG Programme Manager, warned that “we are still feeling the implications of this negligent data governance with the continued sharing of public health data with companies such as Palantir.”
OPEN LETTER TO PROTECT ENCRYPTED MESSAGING
ORG and European Digital Rights (EDRi) co-ordinated an open letter signed by over 80 civil society groups and experts. We warned that message scanning powers in the Online Safety Act threatened the security and privacy of billions of messaging app users’ globally.
The government later conceded that they will not use powers to scan private messages until it is “technically feasible” to do so without breaking privacy. Hint: it will never be technically feasible.
Dr Monica Horten, ORG Policy Manager, questioned how the UK can be “a guarantor of international security, when on the other hand it is piercing a hole in the system that will damage that security?”
7 PRIVACY TIPS FOR REFUGEE WEEK
For this year’s Refugee Week on the theme of compassion, we published seven tips for refugees and migrants to exercise digital rights effectively in the UK. ORG’s Migrant Digital Justice Programme (MDJP) puts a spotlight on the government’s escalating attacks on migrants through their digital rights.
The digital hostile environment can be see in dehumanising measures such as GPS ankle monitors, fingerprint scanners, right to work checks and having immigration numbers marked on NHS medical records.
Sara Alsherif, ORG Programme Manager, said that “compassion, in its true essence, goes beyond mere words or symbolic gestures. It requires tangible actions that reflect genuine empathy and a commitment to upholding the rights and dignity of refugees.”
LEGAL OPINION ON PRIOR RESTRAINT
In July, we published an explosive legal opinion from from Dan Squires KC and Emma Foubister of Matrix Chambers. They found there are “real and significant issues” on the lawfulness of a clause in the Online Safety Act, requiring social media platforms to proactively screen users’ content and prevent them from seeing anything deemed illegal.
The opinion finds that there is “likely to be significant interference with freedom of expression that is unforeseeable and which is thus not prescribed by law”. It warned of “a sea change in the way public communication and debate are regulated in this country”.
Dr Monica Horten, ORG Policy Manager, remarked that it “up-ends the existing legal order on tech platforms.”
ORG PARLIAMENTARY BRIEFING IN HANSARD
Ahead of the second reading of the Data Protection and Digital Information Bill in the House of Commons, we published our Parliamentary briefing for MPs. Our briefing was quoted four times during the Parliamentary debate by representatives of the Labour Party, Liberal Democrats and the Scottish National Party.
We set out how changes to GDPR law mean the government is setting the country on a dangerous path that weakens individual’s data protection rights and corporate accountability mechanisms, as well as giving the government undemocratic powers.
Mariano delli Santi, ORG Legal and Policy Officer, said that the Bill “raises valid concerns about heightened vulnerability to cyberattacks, potential threats from foreign actors, and the erosion of the UK’s reputation as a secure business environment.”
OPEN LETTER ON THE AI SUMMIT
ORG, Connected by Data and The Trades Union Congress convened an open letter to Rishi Sunak ahead of the official AI Summit at Bletchley Park on 1 and 2 November.
More than 100 UK and international organisations, experts and campaigners warned that the “communities and workers most affected by AI have been marginalised by the Summit” while a select few corporations seek to shape the rules.
Abby Burke, ORG Programme Manager, said that “the agenda’s focus on future, apocalyptic risks belies the fact that government bodies and institutions in the UK are already deploying AI and automated decision-making in ways that are exposing citizens to error and bias on a massive scale.”
ORG AT PARTY CONFERENCES
ORG organised a stall at the Green Party Conference this year in Brighton to raise awareness of the Digital Hostile Environment. Handing out leaflets and talking to delegates, Sara Alsherif (ORG Programme Manager) and Pam Cowburn (ORG Head of Comms), highlighted the Challenge the Checks campaign being run by Migrants’ Rights Network, Migrants in Work and ORG.
James Baker (ORG Campaigns Manager) and Mariano delli Santi (ORG Legal and Policy Officer) also took to the Labour Party conference to engage delegates over the importance of digital rights for worker’s rights.
CAMPAIGNING OUTSIDE PARLIAMENT
This year, we partnered with 89up to produce a campaign video for the ‘Don’t Scan Me’ campaign against the spy clause in the Online Safety Act that exposes our private messages to mass surveillance. The spoof video of a phone inspector, played by comedian Ali Woods, asking the public to hand over their phones has been viewed 1.6K times on YouTube.
We took to the streets of London with a digital display van that raised awareness of the encryption-busting message scanning powers in the Bill. We were joined outside Parliament by ORG supporters and Alistair Carmichael MP, Liberal Democrat Home Affairs, Justice and Northern Ireland spokesperson.