The flood of subject-access requests to the Brexit Party coincided with the European Elections in May
The Brexit Party has been ordered by the Information Commissioner’s Office (ICO) to respond to subject-access requests dating back to May by the end of the week.
A subject-access request (SAR) enables individuals to demand from organisations details of the data they are keeping on them. Under GDPR, organisations have just 30 days to respond to such requests.
A spokesperson for the party said it had received a “flood” of requests around the time of the European Elections in May, and suggested that the organisation had been targeted by anti-Brexit campaigners.
“During the European elections, there was a coordinated attempt by campaigners to flood the Brexit Party with Subject Access Requests,” a Brexit Party spokesperson said.
“All political parties are allowed access to the electoral register so they can send literature to voters. However, inaccurate claims circulated on social media, claiming we had acquired people’s addresses improperly, leading to the written requests asking for access to information.”
1. Received one of these Brexit Party pamphlets through the post?
Wanna know how they got your personal details & what they’re going to do with them?
Well, it’s easy to find out. You just need to write them a letter and pop it in the post.
— Reality Bites in 2019 🏴🇪🇺 (@DanRealityBites) 8 May 2019
The ICO has given the Brexit Party until 22 November to answer the data requests, according to Sky News.
“We have responded to the vast majority of letters,” the Brexit Party spokesperson said. “Around 0.2 per cent are currently being dealt with and we will meet the deadline agreed with the ICO.”
In a statement, an ICO spokesperson said: “As a public body the ICO has to consider its responsibilities during the pre-election period. Our regulatory work continues as usual but we will not be commenting publicly on every issue raised during the General Election.
“We will however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities under data protection and direct marketing laws.”
A cursory trawl of Twitter indicates a number of pro-EU accounts urging followers to bombard the Brexit Party with subject-access requests during the election in May.
Last week, Crowdfund Insider referred to several Securities and Exchange Commission (SEC) enforcement actions that addressed the sale of unregistered securities by issuers of initial coin offerings (ICOs). Penalties assessed by the SEC are now coming due for several prominent enforcement actions brought by the SEC. Yet, questions remain as to whether, or not, many of these issuers have the resources to cover these costs – much less any refunds driven by a recission requirement.
CI received a note from Philip Moustakis commenting on several of the ICO enforcement actions. Moustakis is a former senior counsel at the SEC who investigated and litigated the SEC’s first-ever Bitcoin-related enforcement action. He is also an early member of the SEC’s Cyber Unit working closely on distributed ledger technology issues. Currently, Moustakis is counsel at Seward & Kissel LLP.
Moustakis explained that in announcing its settlement with Gladius, the SEC heralded the fact that the company self-reported its ICO, took remedial steps, and cooperated with the SEC in its investigation as reasons a penalty was not imposed. Just a few months prior, the SEC imposed a $250,000 penalty against both Paragon Coin, Inc. and AirFox for unregistered ICOs of comparable size. All three companies in their respective settlements with the SEC agreed to return funds to investors who purchased tokens in the ICO and requested a refund.
Because there were so many ICOs of equal or greater size during the 2017-2018 ICO craze that were cut-and-dried securities offerings, Moustakis said he had expected to see a self-reporting initiative of some kind following the Gladius settlement.
“… An initiative in which the SEC offered ICO promoters who self-reported, came into compliance, and offered refunds to investors who purchased in the ICO would receive similar no-penalty settlements. Now we may be seeing why that has not happened,” explained Moustakis. “As a practical matter, it may not be feasible for many firms to come into compliance. On the whole, token values have declined since the craze, meaning many investors will opt to put their tokens back for a refund. And with many of the blockchain-based platforms linked to token offerings still undeveloped or in development, the money may not be there.”
Moustakis said that it remains to be seen whether the apparent difficulties some of these companies have with complying with their settlement agreements will color the SEC’s approach in future cases.
We contacted Moustakis with several more questions regarding what happens when a settlement with the SEC cannot be paid.
“The SEC may agree to provide a respondent with more time, which is what I would expect them to do, so long as the respondent is endeavoring in good faith to meet its obligations under the settlement,” Moustakis stated. “At some point, if the SEC determines the respondent is not endeavoring in good faith to do what it agreed to do, the SEC may seek to unwind the settlement and proceed with its prosecution. It is also possible that the delay here is attributable to investors having some difficulty with the claims processes created in connection with the settlements, which I would also expect the SEC to work through.”
Regarding rescission offers, if an issuer cannot meet the demand of investors asking for their money back – what happens? Does the company simply file for bankruptcy?
Moustakis explained:
“Strictly speaking, the settlements do not provide for the ICO issuers to make rescission offers – which can be a lengthy and costly process, requiring additional filings – but rather an agreement to return funds to investors who purchased tokens in the ICOs and want to put those tokens back to the issuers for a refund. It is for the SEC to enforce those settlements. But civil suits may also follow. Whether a suit would drive the issuer into bankruptcy would depend on the strength of the plaintiffs’ claims, the economics involved in meeting plaintiffs’ demands, and the financial condition of the company.”
Another attorney had indicated, in his opinion, that it was not practical for the SEC to assess penalties when it is pretty clear they will never be paid. Is there an alternative?
“The SEC can enter into a settlement with a respondent that does not include a penalty if the respondent can demonstrate he or she cannot pay. However, the SEC is not in the habit of waiving disgorgement, that is, that the respondent gives up the proceeds of any securities law violations committed, in the SEC’s view,” shared Moustakis. “But here the issue appears to be that the respondents cannot follow through on undertakings to which they agreed as a condition of their settlements, namely to refund investors who would prefer to have their money back rather than keep the tokens they purchased in the respective ICOs.”
In retrospect, would there have been a better approach by regulators to have better managed the ICO craze? The DAO report appears insufficient in hindsight.
Moustakis said, that in his view, the DAO Report did just what it was intended to do:
“… it put the industry on notice that under a traditional securities law analysis, on the whole, ICOs constituted securities transactions. There may have been those in the industry unwilling to hear that or not getting the greatest advice on the issue. To that end, more aggressive prosecution following the report may have given the report’s message greater teeth, but the SEC has a really smart team doing this work and, often, it comes down to resources.”
The DAO Report put the industry on notice that under a traditional securities law analysis, on the whole, ICOs constituted securities transactions. There may have been those in the industry unwilling to hear… Click to Tweet
The UK’s data watchdog has found that adtech companies are holding on to large amounts of personal data that have been obtained through real-time programmatic bidding.
The Information Commissioner’s Office revealed its preliminary findings in a private meeting this morning, having launched an investigation into the real-time bidding industry in June.
RTB is an auction whereby advertisers (through exchanges) bid for audiences they want to target. The watchdog warned Campaign earlier this year that the industry has evolved into a world of “perverse” incentives” in which intrusive behaviour is being rewarded.
Among its findings, the ICO confirmed that special category data, which includes sensitive information about uses such as their sexual orientation or political affiliation, was being directly processed without explicit consent.
There are also inconsistent contractual arrangements in the RTB process, the ICO said, as well as inadequate transparency information.
Johnny Ryan, chief policy and industry relations officer for ad-tracker-blocking browser Brave, said the ICO’s findings were “precisely” what it said in its GDPR complaints about RTB earlier this year and which was criticised by the Internet Advertising Bureau for being “intentionally damaging to the digital advertising industry”.
Media was not invited to the London meeting, which was originally set to be held under Chatham House rules, but this was later waived by the ICO’s executive director for technology policy, Simon McDougall, who is leading the investigation.
Ryan said: “It’s a good session, though several years too late. What has become clear to everyone is that RTB is indeed causing a massive data breach. And I think there was a consensus in the hall that the industry needs to reform to fix that. We at Brave and our colleagues at privacy organisations like ORG [Open Rights Group] and Panoptykon Foundation are no longer the only voices calling for change. Everybody gets it now.”
Campaign has asked the ICO for more information about its findings, but a spokeswoman indicated that it was unlikely to comment.
There is likely to be a formal statement about the investigation’s progress in the coming weeks, given that the ICO said in June that the industry had six months to start taking action over RTB abuses.
Google also presented at the event to explain its decision last week to remove some bid request information from programmatically traded advertising.
Beginning in February 2020, Google will no longer include contextual content categories, such as “sport” or “weather”, in bid requests. Google cited privacy concerns since contextual categories revealed in a bid request can be used to create individual profiles about individual users.
F1 driver Kimi Räikkönen, also known as the ”Iceman” has started co-operation with the CTN Group. CTN is a company specialising in recovery equipment using super cold temperatures, also called Cryotherapy. The technology is developed and manufactured in Finland by the local group subsidiary, and their cutting edge equipment offers help in recovery, stress reduction, improved quality of sleep and pain relief. The CTN Group is a global pioneer in high-end cold therapy equipment, with products exported to more than 35 countries. Latest patented innovations enable localised cold therapy treatments without liquefied gasses, using only standard electricity. The company launched earlier this year the first electric-only X°Cryo™ device, which makes cryotherapy more affordable and accessible to a much wider clientele than before. This treatment traditionally used mainly by top athletes has now become a feasible option for all of us.
“Many international sports and entertainment mega-stars have already discovered the benefits of cold therapy, but with the Iceman, Kimi Räikkönen, we found a perfect match and great global ambassador for our brand. Despite the well funded large and professional teams behind them, Formula 1 is a very demanding sport for the driver. It requires both physical and mental strength and undivided and continuous focus. As soon as we heard that Kimi had found the benefits of cold therapy, it was a very natural and mutually beneficial decision to start working together with him and to provide him the best available equipment to optimise his performance”,says Mr. Mare Oravainen, Chief Sales officer of the CTN Group.
Kimi Räikkönen’s Swiss home is now equipped with both a whole body cryotherapy cabin (CTN Cryo°Cabin™) using liquid nitrogen and the electrically powered X°Cryo™ for localised treatments. Thanks to this co-operation he will become one of CTN Group’s most renowned international top athlete references.
“Driving a F1 car requires top-level fitness both mentally and physically. In particular, the legs and lower back are under heavy strain, and I’ve noticed that using the cryotherapy regularly accelerates my recovery and reliefs instantly pains and aches caused by physical training or a tough race weekend. It also relaxes the mind in a similar way as the ice baths I used to take, but this is a more effective and much faster way to recover and it really relaxes both the mind and body. I have always relied and liked Finnish high-tech and know-how, and when I learned that this equipment is being manufactured in Finland, to choose the right equipment for me was easy. When I am at home, I use the cold therapy equipment every day, and whenever possible I use the localised X°Cryo™ during the race weekends as well,”says Kimi Räikkönen.
CTN Group is the global technology leader in its field and has delivered cutting edge cryotherapy equipment to wide variety of professional athletes and teams, including NHL, NFL, ATP tennis stars etc. The company’s latest innovation is the electrically powered X°Cryo™ local treatment device, which is expected to revolutionise the availability of Cryotherapy as an easy-to-use, affordable, safe and more mobile option.
“The popularity of drug free therapies is growing, and I believe that not only top athletes, but also ordinary consumers will soon find the benefits of cryotherapy treatments. With the new electric X°Cryo™, and its patented Cryomask option you can also refresh your face, reduce liquid retention, accelerate blood circulation to your entire head. The derma applicators enable efficient treatment of wide variety of skin symptoms and the physio treatment heads provide targeted relief for a variety of muscle and joint inflammation and pains”,says CTN Group’s medical director doctor Timo Kylmälä, MD. Phd.
Information Commissioner Gitanjali Gutierrez issued Decision 26/2019, which concerns the search conducted by the Ministry of Education Headquarters in its original handling of a request under the PATI Act.
A spokesperson said, “On 8 November 2019, Information Commissioner Gitanjali Gutierrez issued Decision 26/2019 Ministry of Education Headquarters. This Decision concerns the reasonableness of the search conducted by the Ministry of Education Headquarters [Ministry] in its original handling of a request under the Public Access to Information [PATI] Act 2010.
“In Decision 26/2019, the requester sought records related to the Ministry’s Adopt-a-School programme. The requester sought an Information Commissioner’s review of the Ministry’s decision, which disclosed some records but stated that no other records related to the programme were held. During the Information Commissioner’s review, the Ministry agreed to conduct additional searches and was able to locate additional responsive records.
“The Information Commissioner held that the Ministry did not conduct a reasonable search in its original handling of the PATI request, but was satisfied that the additional searches conducted during the review was reasonable.
“The Information Commissioner has required the Ministry to process the records responsive to the PATI request and issue a new initial decision denying or granting access to the records in accordance with the PATI Act within six weeks.”
A full version of Decision 26/2019 follows below [PDF here]:
“Live facial recognition is a step change in policing techniques; never before have we seen technologies with the potential for such widespread invasiveness.
“The results of that investigation raise serious concerns about the use of a technology that relies on huge amounts of sensitive personal information,” wrote Information Commissioner Elizabeth Denham.
She argues that the absence of a statutory code specifically addressing the use of live facial recognition, and the legal and moral challenges it entails, will end-up undermining public confidence.
The proposed code will “give the police and the public enough knowledge as to when and how the police can use live facial recognition systems in public spaces”, Denham wrote, adding that the ICO will now work with the Home Office, the Investigatory Powers Commissioner, the Biometrics Commissioner, the Surveillance Camera Commissioner and policing bodies on the new code.
In addition, Denham called for more development work to be done on the algorithms in a bid to eliminate bias, particularly ethnic biases.
In her Commissioner’s Opinion, Denham “makes clear that there are well-defined data protection rules which police forces need to follow before and during deployment of live facial recognition.
“The Opinion recognises the high statutory threshold that must be met to justify the use of live facial recognition, and demonstrate accountability, under the UK’s data protection law.
“That threshold is appropriate considering the potential invasiveness of this technology. My Opinion also sets out the practical steps police forces must take to demonstrate legal compliance.”
Police in South Wales have led the way in trialing live facial recognition
The Information Commissioner’s Office (ICO) has issued a warning to police over the use of live facial recognition.
It has called for a statutory code of practice to be introduced to govern police user of live facial recognition, after an investigation conducted by the ICO found that the “current combination of laws, codes and practices” were insufficient.
Never before have we seen technologies with the potential for such widespread invasiveness
The ICO investigation focused on the trials by Metropolitan Police and South Wales Police into facial recognition, conducted in public in recent years.
“Live facial recognition is a step change in policing techniques; never before have we seen technologies with the potential for such widespread invasiveness.
“The results of that investigation raise serious concerns about the use of a technology that relies on huge amounts of sensitive personal information,” wrote Information Commissioner Elizabeth Denham.
She argues that the absence of a statutory code specifically addressing the technology, and the legal and moral challenges, will end-up undermining public confidence.
The proposed code will “give the police and the public enough knowledge as to when and how the police can use live facial recognition systems in public spaces”, Denham wrote, adding that the ICO will now work with the Home Office, the Investigatory Powers Commissioner, the Biometrics Commissioner, the Surveillance Camera Commissioner and policing bodies on the new code.
There are well-defined data protection rules which police forces need to follow before and during deployment of live facial recognition
In addition, Denham called for more development work to be done on the algorithms in a bid to eliminate bias, particularly ethnic biases.
In her Commissioner’s Opinion, Denham “makes clear that there are well-defined data protection rules which police forces need to follow before and during deployment of live facial recognition. The Opinion recognises the high statutory threshold that must be met to justify the use of live facial recognition, and demonstrate accountability, under the UK’s data protection law.
“That threshold is appropriate considering the potential invasiveness of this technology. My Opinion also sets out the practical steps police forces must take to demonstrate legal compliance.”
After exclusively breaking the story regarding the loss of a US$250k password by Golix’s CEO it turns out more information is finding its way to us through anonymous sources who dealt with Golix in one way or another in the aftermath of their bust-up with the RBZ.
Another source has now come out and said that Golix’s token sale was in the thousands meaning the company might have missed their U$32 million target by a longshot.
In fact, the source says Golix sold tokens closer to US$15 000 more than anything else and this same figure was shown to some customers. The source claims they saw the portal that was being used to handle the token sale so they believe that this figure is closer to the total amount made by the cryptocurrency exchange during the token sale.
Considering that Golix intended to use these funds to increase their presence in other countries and it doesn’t seem that materialised coupled with the fact that the token sale was held during the RBZ vs Golix crisis – it’s reasonable to believe that the token sale might have been a complete failure.
Considering that during the token sale Golix put the above poster on their site, one wonders whether this was an effort to paint a positive picture and influence the few who ended up buying the coin to invest more.
Facebook has ended its appeal against the UK Information Commissioner’s Office and will pay the outstanding £500,000 fine for breaches of data protection law relating to the Cambridge Analytica scandal.
Prior to today’s announcement, the social network had been appealing against the fine, alleging bias and requesting access to ICO documents related to the regulator’s decision making. The ICO, in turn, was appealing a decision that it should hand over these documents.
The issue for the watchdog was the misuse of UK citizens’ Facebook profile information, specifically the harvesting and subsequent sale of data scraped from their profiles to Cambridge Analytica, the controversial British consulting firm used by US prez Donald Trump’s election campaign.
The app that collected the data was “thisisyourdigitallife”, created by Cambridge developer Aleksandr Kogan. It hoovered up Facebook users’ profiles, dates of birth, current city, photos in which those users were tagged, pages they had liked, posts on their timeline, friends’ lists, email addresses and the content of Facebook messages. The data was then processed in order to create a personality profile of the user.
“Given the way our platform worked at the time,” Zuck has said, “this meant Kogan was able to access tens of millions of their friends’ data”. Facebook has always claimed it learned of the data misuse from news reports, though this has been disputed.
Both sides will now end the legal fight and Facebook will pay the ICO a fine but make no admission of liability or guilt. The money is not kept by the data protection watchdog but goes to the Treasury consolidated fund and both sides will pay their own costs. The ICO spent an eye-watering £2.5m on the Facebook probe.
Facebook’s at it again: Internal emails show it knew about Cambridge Analytica abuse ‘months’ before news broke
Facebook can also keep documents handed over the ICO, which it claims will help restart its investigation into Cambridge Analytica â parts of which had been put on hold on ICO instructions.
The agreement centres on Facebook’s action in handing UK citizens’ data to Cambridge Analytica and the ICO’s larger investigation into the misuse of private data for political purposes. This also saw campaign group Leave.eu fined a total of £60,000 for data offences.
Deputy commissioner of the ICO James Dipple-Johnstone said: “The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine. The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm. Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy.”
$0.75 â about how much Cambridge Analytica paid per voter in bid to micro-target their minds, internal docs reveal
In October 2018 the ICO imposed a fine of £500,000 on Facebook, which equates to about 17 minutes’ profit for the firm â the maximum possible fine because the offences occurred between 2013 and 2015. Under the European General Data Protection Regulation (GDPR) brought in last year, however, Facebook could be fined 4 per cent of its $56bn global turnover.
ICO commissioner Elizabeth Denham has previously defended the massive spending on the Facebook investigation as giving the watchdog ammunition to go to government and get stronger enforcement powers. ®
