It Might Be Clogging Up Your Inbox, But GDPR Is One Of The Most Significant Data Laws In History

By Jonathan McCully, 25th May 2018

By Nani Jansen Reventlow & Jonathan McCully

You’ve probably heard a lot about it (or at least ignored it) in your inbox, but today’s the day! What day, you ask? Christmas? No! It’s GDPR day, of course.

This blog post was originally published by who kindly invited DFF to write the piece.

The GDPR (full and wonderful title ‘General Data Protection Regulation’) came into force on May 25, 2018 and is one of the most significant overhauls of data protection rules in history. But what does it mean for our human rights and why should you care?

First up, what actually is the GDPR? Well, it governs when our personal data can be lawfully collected, stored and used by others. Personal data means “any information relating to an identified or identifiable natural person.” This includes your name, location data, IP address, photograph, job title, or political opinion.

Whilst it may not have the snappiest title, the GDPR matters. The recent Cambridge Analytica scandal brought into sharp focus how things can go wrong when our data is misused.  So it’s important that our right to privacy under the Human Rights Convention and the more specific fundamental right to protection of our personal data (under the EU Charter of Fundamental Rights) can be upheld in practice.

This is where the GDPR comes in. It will protect these rights more fully by expanding on the old EU law on data protection and ensuring regulation is harmonised across the EU. It gives us significant empowerment over whether, how and when our data is used.

We’ll Have More Control Over Our Data
Under the GDPR, if organisations want to rely on our consent as their basis for processing our data, it must be “freely given, specific, informed, and unambiguous”, in the form of a statement or affirmative action.

This means consent cannot be implied from silence or a failure to opt-out (by, for example, unticking a box). We should, therefore, get greater control and awareness over how our data is being used.

This complements other rights protected under the GDPR, including the right to access, rectify, erase and object to the processing of our data, as well as the right not to be subject to automated decision making (including profiling).

Our Data Will Be More Secure
The GDPR introduces increased security requirements. It means those processing data must adopt “technical and organisational measures” for security purposes, such as pseudonymization and encryption. The new rules also require that data should only be used for the purpose for which it was collected – this means that companies cannot hang onto our data “just in case” they need it later.

And when the security of our data is breached, such as in the case of a ransomware attack, the relevant data protection authority must be notified straight away. Where the breach is likely to result in a “high risk” to fundamental rights, the individuals affected must also be informed.

This will increase transparency around security breaches, and stop businesses from keeping such incidents secret or being slow to disclose them.

It’s Easier To Enforce Our Rights
The GDPR significantly increases sanctions for non-compliance. Breaches of some provisions of the new rules can result in fines of up to €20 million or 4 percent of a business’ total worldwide turnover for the previous year.

It will also be easier for individuals like you and me to bring claims for breaches, including under a provision that allows individuals to authorise not-for-profits to take cases on their behalf. This means we could see class actions being brought to enforce our rights under the GDPR.

The increase in penalties, coupled with greater access to justice, should incentivise greater respect for data protection rights across Europe.

What’s more, the effects of the GDPR do not stop at Europe’s borders. For the first time, EU data protection law will apply to companies with no business establishment in the EU when they either monitor the behaviour of EU residents or offer goods or services to them. This means organisations based outside the EU (such as overseas social media platforms or website hosting providers offering their services to EU citizens) will face greater accountability.

The full implications of the GDPR are yet to become clear. But there is no doubting its potential for enhancing our right to privacy and our fundamental right to protection of our personal data. Here’s hoping it delivers on that potential.

Advancing digital rights in Europe: building on current efforts in the field

By Nani Jansen Reventlow, 2nd March 2018

Last week, over 30 digital rights experts, activists and litigators came together in Berlin. Over two days, they brought into focus work done to advance digital rights in Europe and mapped next steps and new strategies for amplifying those efforts.

The meeting took place exactly two years after a previous gathering of digital rights experts, convened by Open Society Foundations. Following the need that was expressed there to increase strategic litigation efforts, DFF was founded, with the support of OSF and two other seed funders: Adessium Foundation and Omidyar Network.

The strategy meeting followed the consultation process we started in the summer of 2017, asking digital rights activists, experts and litigators what DFF could do to support their work. Following a number of smaller local meetings, 33 individuals and representatives of digital rights, human rights and consumer rights organisations from across Europe gathered to collectively discuss the state of play for digital rights in the region and what can be done to further strengthen those efforts.

Photo: DFF/Gábor Csuday
Photo: DFF/Gábor Csuday

The gathering was kicked off with a mapping of current work done in the field. This yielded an impressive overview of activities ranging from issues like government surveillance, algorithmic profiling, to net neutrality, copyright and online content restrictions. An inventory of existing digital rights litigation work was collectively developed, after which the group focused on potential future legal cases to advance and strengthen digital rights.

Working in smaller groups across the various spaces of Kreuzberg’s betahaus – fueled by their excellent coffee and under the high-energy facilitation of Gunner of Aspiration – detailed work was done on issues such as collaboration across the field (including the identification of potential obstacles), connecting litigation to broader advocacy efforts, and breaking the digital rights “bubble” by building bridges with the broader human rights field. Initial case development conversations were started on amongst others government surveillance, the GDPR, the collection of digital evidence, and net neutrality.

The need for increased information sharing, skill building and skills sharing, as well as pre-litigation research work was discussed in detail, resulting in the formulation of a number of concrete plans to address those needs.

For DFF, the meeting was an affirmation of the impressive work being done in the digital rights field, giving us a sense of the possibilities for integrating and aligning strategies to scale impact. In their feedback on the event, one participant called it “truly inspirational”. We couldn’t agree more. We are inspired by everyone’s expertise and dedication and are excited to continue building on the enthusiasm and sense of urgency present in the room last week for taking collective work to the next level over the months and years to come.

Connecting litigation with other efforts: strategic litigation as a tool in the toolbox

By Nani Jansen Reventlow, 19th February 2018

A closer look at strategic litigation, part 3.

Part 1: Litigation as an instrument for social change – laying the foundations for DFF’s litigation support; part 2: Just a lawsuit or a case for a cause: what makes litigation “strategic”?

In a previous part of this short series on strategic litigation, we discussed how one of the important characteristics of a strategic case is that it forms part of a wider strategy or movement. This stems from the basic premise that successful strategic litigation conducted in isolation cannot achieve its full potential impact. But also because the case and “the cause” are not always the same.

The case is usually a stepping stone in furthering a cause or put differently: litigation is one of the many tools in the toolbox in pushing for change – a potentially powerful tool, but also one where its powers are significantly influenced by the context in which it takes place. Litigation works when combined with other instruments for change: advocacy, lobbying, and the political “inside game”. There are many reasons for this.

First, aligning work inside the courtroom with activities outside it can increase the effectiveness of your litigation work. A perhaps mundane, yet important factor can be the speed with which the court will decide a case. Courts often have a significant caseload to handle and prioritisation – by necessity – often takes place based on urgency. If an issue comes before the court that is high on the agenda of public debate, this can be an incentive to consider the matter more expeditiously.

Second, by not connecting litigation efforts with public messaging, an important opportunity is missed in informing the wider public about the issue being litigated in court. This sometimes requires some translation work; not all legal concepts are easily relatable for a general audience and what is at stake needs to be presented in a different way than to a judge. But it is an important task: if the case is important enough to go to court, why shouldn’t the public whose interest you’re trying to benefit with the case know what you are trying to achieve? Moreover, they can bring important support to your case (and cause!) by making their voice heard.

This ties into a third factor: implementation. A win in court does not automatically mean that the policy, law or practice you sought to change will be fixed. More work will be needed to push for implementation, legislative follow-up, and sometimes also in the courtroom. To fight these battles on multiple fronts, it is important to have partners who are skilled in pursuing those objectives together. On the other end of the spectrum is the situation where a case is lost. In some circumstances, a loss in court can still be leveraged into a win on other fronts. For example, public outrage about a judicial outcome can help create a necessary push for legislative change. Here, public support, as well as strategies and partners outside the courtroom are essential.

Social and structural change is a long-term battle. Different strategies are needed at different points in time to pursue the objective or “the cause”. Litigation is one tool that can be employed as part of those strategies, but ultimately, “the case” is only one of many steps taken in the pursuit of a bigger cause. This realisation is crucial and also opens up many new potential avenues for identifying cases that can potentially support the pursuit of the cause. By building longer term alliances and partnerships that include a variety of skillsets (advocacy, litigation, policy, technical expertise) around an issue, you create a network where you can share information and find good options for litigation or even proactively create test cases. You also create a fertile landscape where efforts on one front can positively influence the others and vice versa.

In developing DFF’s grantmaking criteria, we are taking these factors into account. In assessing future applications, we will be more compelled by case proposals that not only demonstrate a solid legal strategy, but also a broader advocacy strategy around the litigation, where needed in collaboration with partners that can offer expertise the litigants do not have themselves. This can include advocacy, lobbying and media outreach.

We welcome your views and encourage you to share them with us as we continue developing our plans.

This post is the third of a series on strategic litigation. Also read part 1: Litigation as an instrument for social change – laying the foundations for DFF’s litigation support and part 2: Just a lawsuit or a case for a cause: what makes litigation “strategic”?