Google, privacy and a new kind of lawsuit

Today is Data Privacy Day – and new lawsuit has been launched against Google in the UK – one which highlights a number of key issues. It could be very important – a ‘landmark case’ according to a report on Reuters. The most notable thing about the case, for me, is that it is consumer-led: UK consumers are no longer relying on the authorities, and the Information Commissioner’s Office in particular, to safeguard their privacy. They’re taking it into their own hands.

The case concerns the way that Google exploited a bug in Apple’s Safari browser to enable it to bypass customers’ privacy settings. As reported on Reuters:

“Through its DoubleClick adverts, Google designed a code to circumvent privacy settings in order to deposit the cookies on computers in order to provide user-targeted advertising. The claimants thought that cookies were being blocked on their devices because of Safari’s strict default privacy settings and separate assurances being given by Google at the time. This was not the case.”

The group of consumers have engaged noted media and telecomms lawyers Olswang for the case. Dan Tench, the partner at Olswang responsible for the case, told Reuters:

“Google has a responsibility to consumers and should be accountable for the trust placed in them. We hope that they will take this opportunity to give Safari users a proper explanation about what happened, to apologise and, where appropriate, compensate the victims of their intrusion.”

For further information – and if you want to join the action – Tench can be contacted by email at

There’s also a Facebook page for the suit:

What’s important here?

The case highlights several crucial aspects of privacy on the net. The first is the extent to which we can – or should be able to – rely on the settings we make on our browsers. What was happening here is that those settings were being overridden. Now it’s a moot point quite how many people use their privacy settings – or indeed even know that they exist – but if those settings are being overridden by anyone, let alone a company as big and respected as Google, it’s something that we need to know about and to fight. Browser settings – and privacy settings in general – are the key control, perhaps the only control, that individuals have over their online privacy, so we need to know that they work if we are to have any trust. A lack of trust is something that damages everyone.

The second is that the case highlights that users aren’t going to take things lying down – and neither are they going to rely on what often seem to be supine regulators, regulators unwilling to take on the ‘big boys’ of the internet, regulators who seem to take their role as supporters of business much more seriously than their role as protectors of the public. Alexander Hanff, a privacy advocate who is assisting Olswang on this case, said that:

“This group action is not about getting rich by suing Google, this lawsuit is about sending a very clear message to corporations that circumventing privacy controls will result in significant consequences. The lawsuit has the potential of costing Google £10s of millions, perhaps even breaking £100m in damages given the potential number of claimants – making it the biggest group action ever launched in the UK. It should also be seen as a message to the Information Commissioner’s Office that they are in contempt of the British public and are not doing their job.”

This last point is crucial – and it may suggest not that the Information Commissioner’s Office are not doing their job but that their job is one that needs redefining. The ICO sometimes appears to be caught between two stools – their role is more complex than just as protectors of the public. They’re not a Privacy Commissioner’s Office – and perhaps that is what we need. An office with teeth whose prime task is to protect individuals’ privacy.

What happens next?

This lawsuit will be watched very carefully by everyone in the field of online privacy. The number of people who join the case is one question – there are plenty who could, as Safari, though somewhat a niche browser on computers, is the default browser on iPhones, so is used by many millions in the UK. How it progresses has yet to be seen – there are many different possibilities. If nothing else, I hope it acts as a wake-up-call for all involved: Google, the ICO, and the public.

In praise of regulation….

Travelling back from the Computers, Privacy and Data Protection conference in Brussels, I had a fascinating conversation with someone who was there right at the beginning of data protection. It was a conversation that revealed a great deal to me, first of all about the process towards the reform of the Data Protection regime, but more importantly about the whole process of reform.

The conversation was about the negotiations that led up to the adoption of the initial Data Protection Directive, back in 1995 – nearly 20 years ago – a process that has great parallels with the current, somewhat agonizing processes as we work towards a new data protection regime. This is something that needs proper academic study – but even at first glance the echoes are very strong. As it was outlined to me, the process had two very direct parallels with the current negotiations:

  1. Businesses were lobbying very heavily, and making predictions of total disaster: data protection was going to destroy business, ruin lives etc
  2. The UK government was supporting their lobbying – helping them directly in an attempt to undermine, weaken or possible destroy the directive.

Exactly the same seems to be happening this time around – the business lobbying is if anything even heavier and doom-laden, and the government has been laying on just as thick with speeches and reports coming thick and fast, most recently suggesting that the whole ‘regulation’ approach is inappropriate.

Now the first time around, despite the doom mongering, the business world didn’t come to an end. Data protection hasn’t brought about the end of the world as we know it – indeed, for something created nearly 20 years ago in a world where technology has been changing with incredible rapidity, data protection has, in my opinion, shown remarkable resilience and continuing relevance.

The world didn’t end….

If the world didn’t come to an end that time around, is it any more likely to this time around? It doesn’t seem likely – so we should take all the moaning, groaning and doom-mongering about the new regulation, and in particular about things like the right to be forgotten which is part of that regulation, with huge pinches of salt.

There are, of course, many other reasons that the world didn’t come to an end as a result of the introduction of data protection. The first, and perhaps most important, is that IT itself developed in such a way as to either circumvent the ‘disadvantages’ of data protection regulation, or as to make compliance with data protection easier. The latter could be said to be an advantage of the legislation – it brought about the beginnings of what’s now known as ‘privacy by design’. That is, systems were designed with compliance in mind – which is a good thing, if you believe in the aims of the legislation.

The former, that people found ways to circumvent the disadvantages, is also closely connected with the other main reason that data protection legislation didn’t cause the end of the world: many people simply ignored it, and went along their own merry way, either undetected or willing to take the consequences of any detection.

Will it be any different this time around?

All of these key factors – that systems will develop to make compliance easy or to avoid the legislation, or that people will just not bother to comply – are pretty much as likely to happen this time around as last time. IT will develop – it always does – and in all kinds of unpredictable ways. People will find ways to avoid, circumvent, or comply with the legislation in other ways – they always do. It will be the same cat-and-mouse story as before – as it is in pretty much all areas of law. Ultimately, though, life will go on.

Of course businesses moan – and of course they fear regulation, because regulation challenges them. It challenges them to change – because change is needed. That’s the real point. Regulation doesn’t arise in a vacuum, just because some bureaucrats have decided they want to wrap us all in a bit more red tape. Regulation arises, in general, because there’s a problem that needs addressing. Sometimes it arises because businesses or people have been behaving in ways that they shouldn’t, or ways that threaten the rights of others. Sometimes it arises because new technology or new situations demand it.

In the case of the new data protection regime, it’s a bit of both of these – some businesses are doing things they shouldn’t. They’re invading our privacy in ways that they really shouldn’t, and ways that do threaten our rights. And the technology has changed, and those changes need addressing. So we need a new regulation – and we shouldn’t be so afraid of it. Regulation isn’t all bad – indeed, it’s very often quite the opposite. Good, robust regulation helps those it regulates – as data protection has, in general, helped over the years.

Yes, regulation will challenge some business models – but business models NEED to be challenged. Some may even fail – but, frankly, some businesses need to fail. We shouldn’t be overly concerned by it – and shouldn’t bend over backwards to support them, as we seem to do all to often. Phorm is an example in this field which springs immediately to mind…

New regulation can help support new and better businesses – and businesses that are positive and forward-looking, that build business models that respect the privacy and rights of their customers, could find that new regulations offer new opportunities. Better businesses could get competitive advantages by behaving well, rather than by behaving badly.  It’s all too easy for systems to support the unethical businesses over those that are ethical and supportive of their customers, as the last few years have demonstrated all too graphically.

…so let’s embrace regulation – even privacy regulation – and see how it can help us, rather than fighting it and fearing it. That doesn’t help anyone. The new proposed Data Protection Regulation has a lot going for it – and being more positive about it, working with it, trying to understand it rather than trying to undermine it, is much more likely to get a good result, both for people and for businesses.

Children have a right to privacy

The latest proposal from David Cameron’s ‘Advisor on Childhood’, Claire Perry, is that parents should ‘snoop’ on their children’s texts. Apparently it’s ‘bizarre that parents treat youngsters’ internet and mobile exchanges as private’, as reported in the Daily Mail.

For those of us who work in the privacy field – and indeed for anyone who works or has knowledge of children’s rights – it’s Claire Perry’s ideas that are bizarre. In fact, I’d go a lot further: to anyone who pays any real attention to their children, that kind of idea should be bizarre. Children have a right to privacy – and not in the technical, legal sense (though in that too, because it’s enshrined in Article 16 of the United Nations Convention on the Rights of the Child, which the UK has both signed and ratified) but in what I would call the real, natural, sense. They want privacy. They need privacy. They demand privacy. Anyone who has children, who spends time with and listens to their children, who respects their children should be able to see that.

Part of that privacy – perhaps the most important part of that privacy – relates to privacy from their parents. That’s the part that children are most likely to care about too – they’re not so worried about the government snooping on them, or companies gathering their personal details for marketing purposes – but they do care about, and need to have some control over, what their parents know about their private thoughts. And we, as parents, need to understand that and respect that – if we are to understand and respect our children. If you want to know what your child is thinking about and caring about, and what they might be doing in their private lives, the best way, as the excellent @SturdyAlex tweeted this morning, is to ‘foster a relationship with them where they trust you enough to tell you’.

Of course the extent to which this is true varies from child to child and from age to age, but children all want and need privacy, and if we don’t understand and respect that all we’ll do is make them less likely to respect and to trust us – and hence more likely to find ways to hide the stuff that really matters from us.

So, Mr Cameron, and Ms Perry, don’t snoop on your children’s texts – or encourage anyone else to. Encourage them to listen to their children more, to respect their children more, to build better relationships to their children. Help your children to help themselves…

If you “can’t” leave Facebook…

I’ve been posting a lot about Facebook recently. I gave ‘10 reasons to leave Facebook‘ a few weeks ago – but for many people that seems either to be impossible, or very, very difficult. So, what can you do if you ‘can’t’ leave Facebook, and you want to minimise your privacy risks? After the new stuff on Facebook’s Graph Search (see my blog posts here and here), now the revelation that people on Facebook will no longer have the option to avoid being ‘searchable’, this is becoming more and more important.

So what can you do? Well, here are twelve suggestions from me – I’m sure there are many more…

  1. Check your privacy settings. Really check them. Lock them down as tight as you can – but remember that they only control what other users can see, not what Facebook can see or use for their profiling of you.
  2. Prune your ‘friends’ list down to an absolute minimum. With Graph Search this is particularly important – it seems as though Graph Search will assume that if you’re ‘friends’ with someone then all your data is available for full analysis for search by those friends. If they’re just people you met once, or were in the same year as at school or college, would you really trust them with your most intimate details?
  3. Never press the ‘like’ button ever, ever again. The ‘like’ button is another of the profiling keys – and could effectively give permission for those whom you like to access your data.
  4. Do a serious deletion job on your photographs – Graph Search will search them, facial recognition may be applied, and not just to you but to anyone in the photos. If you have a friend (a real one) who’s in one of your photos, it’s not just you who’s being subject to privacy risks.
  5. Think before you post any more photos – same reasons, really. Do you really need to ‘share’ that picture? If you don’t, don’t! And if you ‘need’ to, is there a way to do it other than Facebook?
  6. Never use geolocation again – at least not on Facebook. If you’re given the option to allow any application to know your location, say no! Geolocation is a tool that’s immensely useful at times – when you’re using maps, or other transport apps (for train timetables etc) but most of the time it’s really not necessary at all.
  7. Check the apps you use to access Facebook on your phone or tablet – there are all kinds of risks associated with apps that people simply don’t think about. The settings may be very different from what you think – again, think geolocation, think photo tagging.
  8. Think about when you post, as well as what and why. Posting at night, for example, could profile you as a ‘night owl’, for whatever reason.
  9. Don’t play games on Facebook – play them somewhere else. Games are primarily used for profiling, and may have privacy risks attached that are not immediately obvious.
  10. Don’t sign into any other service ‘via Facebook’ if you have the option. All you’re doing is allowing the two services to share data, to add depth and strength to their profile.
  11. Sign out of Facebook whenever you’re not using it – don’t leave it running in the background when you do other stuff. When you’re signed in, you can be giving permission to Facebook to track or follow other activities. Now they might be doing that anyway, but you shouldn’t give them the legal excuse to!
  12. Keep ‘work’ and home separate on Facebook if you can. It may not be easy….

Finally, though, think again about whether you really do need to be on Facebook. You may need to – or you may want to – but if so, you should manage your risks and be as ‘savvy’ about it as you can.

Facebook Graph Search: Privacy issues….

thumbs-downI wrote yesterday about Facebook’s new ‘Graph Search’ system – in particular, about the way in which it is intended to convince people to put more and better data onto the system, and to lock them and businesses further into the Facebook system. What I didn’t talk about much was privacy…. not because there aren’t privacy issues with the new system, but more because there are so many privacy issues that it’s hard to know where to start.

One of the most interesting things is that as a part of the launch, Mark Zuckerberg has been very keen to stress that privacy is built into the system, even releasing information suggesting that the reason he went with Bing rather than Google for the web-search part of the service is that Google weren’t ‘privacy-friendly enough’ for him – see this piece in the Guardian. Why did he do that? Well, in one way I’m glad he did because it shows that he knows that people care about privacy, and that Facebook doesn’t exactly have the greatest reputation about privacy, to put it mildly. However, I’m far from convinced that what he’s been saying means very much – because the essence of Facebook Graph Search makes privacy very, very hard to achieve.

There are many things to mention – I can’t even get close to covering them all in one post. I’ll start with the very purpose of the system. Zuckerberg gave an example of a possible search: “people who like fencing and live in Palo Alto”. It doesn’t take much of a stretch to turn that into something distinctly creepy: “Single women who live in Palo Alto, work in Menlo Park and ‘like’ public transportation.” You can take it a lot further than that – which is why many commentators suggest that the system could be a stalker’s dream. Facebook already allows things that point in that direction: the scrutiny of other peoples’ profiles is one of the points of the system. Graph Search takes that to another level…

Secondly, the idea of the ‘built-in privacy’ that Zuckerberg talked about is that ‘stuff’ is only searchable if you’ve let friends see it anyway. There are big problems with that. Firstly, it relies on people understanding and using Facebook’s notoriously over complex privacy settings – which is quite something to rely on. Secondly, it assumes that if you’re willing to let your friends see or know something, then you’re willing to let it be aggregated, analysed, searched, sorted and so forth… which is of course what Facebook do anyway, but I would be very surprised if many Facebook users realise this. For that, and other reasons, I suppose we should welcome Graph Search – it demonstrates graphically what Facebook actually does with your data.

Thirdly, Zuckerberg made the point that photos and location information would be part of Graph Search – again, something that we should all have known, but I’m not sure people have fully understood. Combine this with facial recognition, and with the new smartphone Facebook apps that will automatically post photos you take with your camera onto Facebook, complete with location stamp, and you get a whole new scale of possible intrusion. Add this to the stalking capabilities noted above, and you’ve got quite a tool…

The point with a lot of this is that it’s all becoming the default – which is clearly the intention. As I noted in my previous post, Graph Search will work best if you ‘give’ Facebook all your information – and Facebook is providing the tools to let you give them it all. Moreover, they’re making it easier to give that information than not to give that information. They want all your data… and not just to give you a better service. They want it because they can use it to make more money…

….which brings me to the final privacy point. Zuckerberg makes the point again and again that in some ways you are in control of privacy, by using your privacy settings. You decide who sees what. However, that’s not really true at all. You may decide which other users get to see which bits of your data – but Facebook gets to see it all. Facebook gets to analyse it, to profile you through it, to effectively share it with its partners, to use it to categorise you for advertisers, or for others pretending to be advertisers. You may have more privacy from other people – but to Facebook, you are transparent, and have no privacy at all. Graph Search doesn’t really change that – but it should make it clearer that it is the case, and what some of the implications are.

I wrote over the holiday season my ‘Ten Reasons to Leave Facebook’. For me, Graph Search adds an eleventh – and makes some of the other ten even clearer than before. It’s not going to convince me to re-join Facebook. Quite the opposite: it makes it crystal clear to me that I was right to leave when I did.

Facebook Graph Search: It’s about the data!

Little Shop of Horrors lost endingThe first thing to ask whenever Facebook (or indeed any other business) releases a new product or service is what’s in it for them. In the case of Facebook’s new ‘Graph Search’, as in most things Facebook, the answer’s pretty direct: it’s about the data. Graph Search, though it may seem to be just a cool new way of finding stuff, could also turn out to be a very clever way of Facebook gobbling up even more data than before – as well as trying to squeeze even more value from the data that’s already out there.

It comes at a time when Facebook might be facing a new situation – they may be reaching saturation point in terms of user numbers, at least in their prime markets. Figures seem to be suggesting that they are losing users – apparently down 600,000 in the UK and 1.4 million in the US – and though those figures need to be taken with a decent pinch of salt, they do at least suggest that the era of unrelenting user number growth for Facebook may be over. What that means for Facebook, particularly after their less than stellar IPO, is that the pressure’s on to make more money from existing users. They need money, and for that money they need data! They’re like the plant in Little Shop of Horrors, continually shouting out ‘Feed me!’. They need to be fed, so they can grow, and the more they grow, the more they need to be fed.

Firstly, its important to understand what Graph Search does. As the BBC’s Rory Cellan-Jones puts it, Graph Search is a “new way of mining the information your friends, and their friends”. Essentially, as it’s been described, it takes the data about you, and about your ‘friends’, and uses it as a source from which to search – giving you back stuff that your ‘trusted’ friends either use, or ‘like’, or something along those lines. Where it can get stuff off Facebook, it gives you that – and if it can’t find relevant stuff, it goes to Bing, and does a web search instead. You can search for whatever you want – the examples given by Zuckerberg were things like “people who like fencing and live in Palo Alto” or “films my friends like” or “restaurants recommended in New York” – but the possibilities are endless, and Cellan-Jones highlighted the possibilities of using it as a sort of ‘dating search’: companies like eHarmony etc will be quaking in their boots.

Still, how is this about data? Well, if Graph Search takes off, it will have a number of implications:

  1. When people search, they reveal stuff about themselves – they effectively add more stuff to their profile. That’s one of the reasons Google do so well – having information about what people are interested in is key. Each search term entered on Graph Search is more data for Facebook – and a potentially more accurate profile of the user.
  2. Graph search will work better for people if their own profile is better – that is, the more data you put up about yourself, the more ‘personalised’ your Graph search will be. Facebook will be sure to let people know that, to persuade them to enter more and more data.
  3. There have already been hints made that you might want to put more data up to ‘help’ your friends when they use Graph search. Of course the people it really helps are Facebook – they want more of your data – but the altruism, the sociability, will doubtless be stressed. Be a good friend – put more data up! Tell people what you like!
  4. Businesses will start to realise that if people are using Graph search, they need to be on Facebook – and they need to get people to ‘like’ them even more than before. The ‘like’ button is already a big deal – this will make it more so. Businesses will be pushing you to ‘like’ them even more than before…. which means yet more data to Facebook, and more ‘permission’ given for that data to be used. Do you know what you’re consenting to when you press ‘like’?
  5. The more businesses are on Facebook, the more individuals have to be Facebook to manage those business pages – it’s another ‘lock in’. I know many people who say ‘I’d love to leave Facebook, but I have to be there to manage my business’s page’. That will only increase…

For Facebook, it’s a ‘win-win’ scenario. They get more data – and potentially better data, as people might focus on refining their profiles in order to get ‘better’ Graph Search results. They get more uses – and hence more money – from their existing data. They get others – individuals and businesses – to do both their selling and their data gathering for them. They lock people into their business model even more.

There’s another interesting issue for me. Google are under pressure for not making their searches ‘neutral’ enough – for possibly prioritising businesses that they make money from, or downgrading rivals or so forth. They deny that this is happening, and claim their search algorithm is ‘neutral’. Facebook Graph Search by design prioritises businesses and others on Facebook – it doesn’t even pretend to be neutral. Should it? And if it can exist in this form, why shouldn’t Google be allowed to be less than neutral? Of course there are vast differences between the services, but I have a feeling this may open up an already squirming can of worms even further.

I should note that this is only a first set of thoughts on Facebook Graph Search – and I haven’t even talked about privacy yet! What actually happens to it may be very different from Mark Zuckerberg’s dream. It could be a distinctly damp squib – much of the reporting has suggested people are underwhelmed by it. I hope so, because the one thing, more than any other, that I don’t want to see on the internet is one service dominating. The net needs to be open, it needs to be varied, it needs to be flexible and it needs to be dynamic. If we all do the same thing, or all use the same service all the time, that is far less likely to continue.

It’s about the children…

The Jimmy Savile story has provoked a huge amount of reaction – revulsion, disgust, anger, frustration, and great many attempts to find someone or something to blame. One of the biggest questions being asked is why we didn’t find out about it earlier – so many people seem to have known about it, or at least suspected what was happening, so why didn’t the news come out?

Many different suggestions have been made. Some blame the BBC – and its failures as an institution over this and related matters are all too clear. Some have blamed the libel laws – saying that they would have told the story if it hadn’t been for the threat of a big law suit. For me (as someone who teaches defamation law) that one really doesn’t wash: it may have made a small difference, but newspapers and others have published many, many stories over the years with far less evidence and with pretty much a guarantee of legal action. If they really wanted to publish, they would have.

Some of the ‘mea culpa’ stories from celebrities and others who knew but said nothing have rung true – but others haven’t. For many of them, if they’d really wanted to, they could have said something. For some it might have been ‘career suicide’ to do so – but is your career worth so much? Is anything worth so much?

That, brings me to my point. The main reason, as I see it, that the information didn’t get out, it ultimately that we didn’t care enough. Why? Well, there are two closely connected issues. Firstly, the idea of a man having sex with a young girl wasn’t (and still isn’t) considered such a bad thing. Rock-stars and underage groupies wasn’t (and still isn’t) seen as child abuse by a large number of people. The opposite. It’s almost one of the perks of the job. That’s not just a 70s attitude, it’s a current one. If you look back at the story of the 15 year old girl who went off to France with her 30s teacher, some of the reactions – indeed some of the press coverage – made that very clear. ‘Lucky bloke’ was how it was described by some. The story was presented to a great extent as titillating, a bit scandalous, not as what it was. For many men, the idea of a good-looking and ‘mature’ 15 year old girl seemed very attractive – and if you look at (for example) the sidebar on the Mail Online you can see that idea repeated again and again and again.

The second point, though it might not seem so obvious, is closely related: our overall attitude to young people. We don’t respect them – and we don’t take them seriously. We don’t listen to them, and we don’t believe them – and they know it. We laugh at their taste in music (Justin Bieber, One Direction etc) and their taste in clothes – or we demonise them as terrifying youths in hoodies. What we don’t do is treat them with respect, and try to properly listen to them or be willing to take seriously what they take seriously. To some parents – at least as it’s presented in the media – children are possessions or investments, or devices to be controlled. To some people children are something to be ‘managed’, or corralled like cattle – stop them gathering on street corners, ban them from places. The whole ASBO approach to children took this angle. Does it help? Only at the most superficial level – and it spreads a culture that says that children and young people aren’t worth listening to. They’re a problem to be managed.

So of course it’s hard for children to speak up when things really matter. If they’re not used to being listened to or taken seriously, they won’t talk. If they’re used to their wishes and ideas being either derided or over-riden, why would they think it was worth trying to be heard?

Of course what Savile did was hideously monstrous, and I doubt very much that many of those who knew or had suspicions over Savile and didn’t speak up knew that much of it – but the many who knew a little and didn’t speak up either knew they wouldn’t be listened to, or didn’t think it was such a big deal. Given our attitudes to children in other ways, the more ‘obvious’ stuff he did – groping a few teenaged girls on TV or in his caravan – wouldn’t have been seen as such a big deal. That attitude wasn’t (and isn’t) restricted to a few institutions or a few people – it pervaded (and to an extent still pervades) pretty much our whole society.

That’s not say things aren’t getting better – I think they are, but not to the extent that some people seem to think. Until we show more respect to children, until we listen more to children, until we trust our children a lot more, things won’t change nearly enough…

An uncharitable suggestion…


With the latest absurdity from the Church of England – the idea that gay men in civil partnerships can become bishops so long as they promise to be celibate – could it be time to completely rethink the role of the Church of England in our society? And, perhaps, the role of all religious organisations? I have a somewhat uncharitable suggestion….


The first step seems clear to me: the disestablishment of the Church of England. By that I mean the full separation of Church and State: the C of E would no longer be the ‘official’ religion, seats in the House of Lords for bishops would disappear, and so forth . There are many, many arguments in favour of disestablishment – the current displays of bigotry, sexism and homophobia just emphasise the point. There’s no place in a modern society for an established church – particularly in a society as diverse as ours in the United Kingdom.

The church itself would benefit in some ways from this: once the Church is disestablished, those of us who are not members or followers of the Church of England would have far less right to say anything about the practices of the Church. It would free the Church to be as ‘traditional’ as it wanted – at least to some extent…. which leads me on to the main, uncharitable suggestion.

Uncharitable Status?

At the moment, the Church of England doesn’t just have the advantage of being ‘Established’; it has the advantage, in common with other religions, of charitable status. One of the official ‘charitable purposes’ allowed by the Charities Commission is ‘the advancement of religion’. For me, the next stage of sorting out the relationship between religion and the state would be the removal of that purpose – why should advancement of religion be seen as something of ‘public benefit’ if religions themselves effectively support bigotry, division and disadvantage? ‘But it’s tradition’ I hear people say – fine, keep your tradition, but don’t expect to get tax and other benefits for it.

In fact, I’d go further. Right now, as the Church of England is displaying quite dramatically, religious tradition allows organisations to avoid equality legislation – as many people have pointed out, what job other than ‘bishop’ could say that no women or gay men can apply, and get away with it? Not many – and most involve religion in some form or other. Why are they allowed to get away with it? ‘It’s tradition’? Again, I say, fine, keep your tradition, but there should be consequences. So, perhaps we could establish a new kind of status for organisations that want to avoid equality and other legislation, in the name of ‘tradition’: ‘Uncharitable Status’.

Any organisation that wishes to do this could apply to a newly established body, the Uncharities Commission, and put their case for bigotry. They must demonstrate that it’s properly ‘traditional’ – demonstrate that their views, though bigoted, are based in something historical and ‘cultural’, rather than just on ignorance and hate. If they fail to prove this, they cannot get ‘uncharitable status’, which means that they have to comply fully with all relevant legislation. If they do prove it then they can be registered as officially Uncharitable: this would allow them to practice their ‘traditions’, but would mean that rather than just not getting the tax benefits of being a charity, they have tax penalties – that donations to them are taxed at higher rates, that they themselves have to pay taxes in full, and so forth. They would also have to include a statement on their websites and letterheads announcing that they are officially uncharitable, to make their status clear…

A reasonable solution? Uncharitable… but fair?

P.S. In case you didn’t realise, my tongue is firmly in my cheek…

2012 – how did we do?

At the end of 2011, I made 12 ‘wishes’ for privacy in 2012 – see my blog post here. So how did we do on my 12 wishes? Let’s have a look…

1.  That I don’t hear the ‘if you’ve got nothing to hide…’ argument against privacy ever again…

A resounding failure here. It was always going to be a pretty forlorn hope, but the number of times it was trotted out over the year, particularly by Theresa May when advocating for the Communications Data Bill (the Snoopers’ Charter) was a bit depressing.

Verdict – Failure    Score – 0 out of 1

2. That governments worldwide begin to listen more to individuals and to advocacy groups and less to the industry lobby groups, particularly those of the copyright and security industries

Not quite so clear here. In the big debate over the Snoopers’ Charter, for example, the UK government was forced to listen to individuals and advocacy groups, and seemed to do so pretty well, in the end. There were fewer signs of this elsewhere in the world, and 2012 ended with the US government passing FISA, their warrantless wiretapping act, without seeming to pay any attention to advocacy groups at all. Still, the work on the Snoopers Charter was pretty good, so I’ll give us half a mark.

Verdict – neutral   Score – 1/2 out of 2 

3. That privacy problems continue to grab the headlines – so that privacy starts to be something of a selling point, and companies compete to become the most ‘privacy-friendly’ rather than just paying lip service to privacy

Overall, I’d say this was a success. Privacy problems have made headlines throughout the year, with the Leveson Inquiry and the Snoopers Charter consultation getting a lot of attention in the UK, and General Petraeus’ email shenanigans getting both laughs and real reaction in the US. What’s more, almost all companies have been falling over themselves to claim their privacy credentials… though that part still means little more than lip service. Still, overall, a success.

Verdict – success  Score – 1 1/2 out of  3

4. That the small signs I’ve been seeing that Google might be ‘getting’ privacy do not turn out to be illusions.

A bit of a damp squib on this one – whilst Google might not have been quite as bad as they have been in the past, there haven’t been many changes in policy that have really made much difference. Google + still has a real names policy, and Google have been lobbying hard against the positive changes in the proposed new Data Protection Regulation. Failure, overall.

Verdict – failure  Score – 1 1/2 out of 4

5. That my ‘gut feeling’ that 2012 could be the peak year for Facebook turns out to be true.

Unproven, overall. Facebook passed the billion user mark in 2012 – but its IPO was fairly disastrous, and the headlines made by Facebook have been far from good. Only time will tell how this one pans out.

Verdict – neutral  Score – 2 out of 5

6. That the ICO grows some cojones, and starts understanding that it’s supposed to represent us, not just find ways for businesses to get around data protection regulations…

Kudos to the ICO on this one, I’d say. First of all, they stood up firmly against the Government over the Snoopers’ Charter, which is much to their credit. Secondly, they’ve started fining businesses decent amounts, not just governmental bodies. I’ve been a strong critic of the ICO in the past, but I think they’ve done well her.

Verdict – success  Score – 3 out of 6

7. That the media, whenever they get told about a new technical innovation, don’t just talk about how wonderful and exciting it is, but think a little more critically, and particularly about privacy

Again, this is hard to be sure of – I’d say the media has been improving on this front, but not in a huge way. Coverage of the Snoopers’ Charter, for example, was highly variable, some very good things and some very bad things. Overall, I think this has to be a no-result.

Verdict – neutral  Score – 3 1/2 out of 7

8. That the revision to the Data Protection Directive (or perhaps Regulation) turns into something that is both helpful and workable – and not by compromising privacy to the wishes of business interests.

I suspect many people will disagree with me on this, but I think the new Data Protection Regulation is looking pretty good at the moment – and the Commission has done well to stick to its guns in the main. Of course the main battle has yet to be fought, and only time will tell, but I’m going to call this a success for the moment.

Verdict – success  Score 4 1/2 out of 8

9. That neither SOPA nor PIPA get passed in the US…

Resounding success here! All those involved in the fight against SOPA and PIPA (and indeed ACTA) should be proud – but remain vigilant!

Verdict – success  Score 5 1/2 out of 9

10. That the right to be forgotten is discussed for what it is, not what people assume it must be based solely on the misleading name.

Failure here – it’s still being talked about as in conflict with freedom of expression, and as something that will be a big threat to the internet. I still don’t believe that this is what it is at all (and I’ll be writing much more about that later in the month), but that’s the way the media, particularly in the US, is still portraying it.

Verdict – failure  Score 5 1/2 out of 10

11. That the Labour Party begins to put together a progressive digital policy, and says sorry for ever having listened to the copyright lobby in introducing the Digital Economy Act!

Again, a resounding failure here – though I wrote about it at some length (in my blog here), and a number of Labour people seemed very supportive, the front bench seems to still be pretty much entirely in the hands of the copyright lobby – and perhaps the security lobby too. They didn’t ever say anything clear about the Snoopers’ Charter, for example.

Verdict – failure  Score 5 1/2 out of 11

12. That we start thinking more about the ordinary privacy of ordinary people, not just that of celebrities and politicians…

This one is hard to call. The defeat (for now) of the Snoopers Charter was the highlight of the privacy year for me, and it was based largely on the understanding that ordinary people had a right to privacy, and that the Snoopers Charter was infringing that right. Still, the biggest individual stories were the old fashioned ones that made the headlines over the Leveson Inquiry, together with the paparazzi photos of a topless Duchess of Cambridge, and the emails of General Petraeus. Overall, then, a tough call – but a neutral result.

Verdict – neutral  Score 6 out of 12

Six out of Twelve isn’t actually that bad – it’s better than I expected, and in some ways a reasonable reflection of the year. There have been good things and bad things, and whether the trend is positive or negative is hard to tell. I’d like to think we’re turning a corner, and heading in a ‘privacy-friendly’ direction, but that would be being far too optimistic at this stage. The reverse, however, would be too pessimistic – defeating SOPA, PIPA, ACTA and the Snoopers’ Charter shows that privacy is not quite dead yet. Here’s hoping we can keep it alive!