This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2018/jan/09/data-protection-bill-amended-to-protect-security-researchers
The article has changed 5 times. There is an RSS feed of changes available.
| Version 2 | Version 3 |
|---|---|
| Data protection bill amended to protect security researchers | Data protection bill amended to protect security researchers |
| (about 9 hours later) | |
| Exemption added after researchers said efforts to demonstrate inadequate anonymisation could fall foul of law | |
| Alex Hern | |
| Tue 9 Jan 2018 18.45 GMT | |
| Last modified on Tue 9 Jan 2018 18.59 GMT | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| View more sharing options | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Close | |
| The government is to amend the data protection bill to protect security researchers who work to uncover abuses of personal data, quelling fears that the bill could accidentally criminalise legitimate research. | The government is to amend the data protection bill to protect security researchers who work to uncover abuses of personal data, quelling fears that the bill could accidentally criminalise legitimate research. |
| The move follows a Guardian report on the concerns, and has been welcomed by one of the researchers who raised the alarm. “I am very happy with the amendments,” said Lukasz Olejnik, an independent cybersecurity and privacy researcher. | The move follows a Guardian report on the concerns, and has been welcomed by one of the researchers who raised the alarm. “I am very happy with the amendments,” said Lukasz Olejnik, an independent cybersecurity and privacy researcher. |
| The bill will contain a clause making it a criminal offence to “intentionally or recklessly re-identify individuals from anonymised or pseudonymised data”, with the potential of an unlimited fine for offenders. | The bill will contain a clause making it a criminal offence to “intentionally or recklessly re-identify individuals from anonymised or pseudonymised data”, with the potential of an unlimited fine for offenders. |
| When it was first published in August, security researchers feared they could fall foul of the law if they carried out research demonstrating inadequate anonymisation on the part of others. | When it was first published in August, security researchers feared they could fall foul of the law if they carried out research demonstrating inadequate anonymisation on the part of others. |
| Now the government has introduced an amendment to the bill providing an exemption for researchers carrying out “effectiveness testing”. Researchers would have to notify the Information Commissioner’s Office (ICO) within three days of successfully deanonymising data, and demonstrate that they had acted in the public interest and without intention to cause damage or distress in re-identifying data. | Now the government has introduced an amendment to the bill providing an exemption for researchers carrying out “effectiveness testing”. Researchers would have to notify the Information Commissioner’s Office (ICO) within three days of successfully deanonymising data, and demonstrate that they had acted in the public interest and without intention to cause damage or distress in re-identifying data. |
| Matt Hancock, the new culture and digital secretary, said: “We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.” | Matt Hancock, the new culture and digital secretary, said: “We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.” |
| Olejnik said the amendments offered “a reasonable compromise” between the needs of researchers and the risks that exceptions could be abused. “I’m especially impressed with designing a responsible way of submitting privacy weaknesses directly to ICO. In this way, the role of ICO is even strengthened as a mediator between researchers and organisations. | Olejnik said the amendments offered “a reasonable compromise” between the needs of researchers and the risks that exceptions could be abused. “I’m especially impressed with designing a responsible way of submitting privacy weaknesses directly to ICO. In this way, the role of ICO is even strengthened as a mediator between researchers and organisations. |
| “The whole case underlines the need of careful analysis of proposed regulations, whether in UK or beyond. These days, badly designed technology regulations have the potential to negatively affect entire societies.” | “The whole case underlines the need of careful analysis of proposed regulations, whether in UK or beyond. These days, badly designed technology regulations have the potential to negatively affect entire societies.” |
| Poor anonymisation of data is a common problem. In 2006 AOL released an “anonymised” selection of search queries that revealed affairs, illnesses and criminal activity when it was deanonymised simply through cross-referencing with phonebooks. That same year Netflix was sued after it released poorly anonymised reviews that outed a closeted lesbian. | Poor anonymisation of data is a common problem. In 2006 AOL released an “anonymised” selection of search queries that revealed affairs, illnesses and criminal activity when it was deanonymised simply through cross-referencing with phonebooks. That same year Netflix was sued after it released poorly anonymised reviews that outed a closeted lesbian. |
| In August last year a pair of German researchers purchased the “anonymous” browsing habits of 3 million Germans from a data broker, and succeeded in uncovering the porn habits of a judge, medical problems of an MP and details of active criminal cases. | In August last year a pair of German researchers purchased the “anonymous” browsing habits of 3 million Germans from a data broker, and succeeded in uncovering the porn habits of a judge, medical problems of an MP and details of active criminal cases. |
| Data and computer security | |
| Data protection | |
| news | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Reuse this content |