Legally Does It…

Included in the several hundred blog feeds I subscribe to are several legal ones. I don’t really understand the law well enough to read it properly, or think through the consequences of how it might be applied, misapplied, or gamed, so I tend to rely on other commentators for the interpretation and then just skim their reviews for choice phrases or ideas.

So here’s a quick round up of several law related issues that crossed my wires over the last few days, some from law blogs, some not…

First up, it seems Wyoming have been working on a “data trespassing” law – In Wyoming it’s now illegal to collect data about pollution – ENROLLED ACT NO. 61, SENATE SIXTY-THIRD LEGISLATURE OF THE STATE OF WYOMING 2015 GENERAL SESSION:

6-3-414. Trespassing to unlawfully collect resource data; unlawful collection of resource data.
(a) A person is guilty of trespassing to unlawfully collect resource data if he:
(i) Enters onto open land for the purpose of collecting resource data; and
(ii) Does not have:
(A) An ownership interest in the real property or, statutory, contractual or other legal authorization to enter or access the land to collect resource data; or
(B) Written or verbal permission of the owner, lessee or agent of the owner to enter or access the land to collect the specified resource data.
(b) A person is guilty of unlawfully collecting resource data if he enters onto private open land and collects resource data without:
(i) An ownership interest in the real property or, statutory, contractual or other legal authorization to enter the private land to collect the specified resource data; or
(ii) Written or verbal permission of the owner, lessee or agent of the owner to enter the land to collect the specified resource data.

(d) As used in this section:
(i) “Collect” means to take a sample of material, acquire, gather, photograph or otherwise preserve information in any form from open land which is submitted or intended to be submitted to any agency of the state or federal government;
(ii) “Open land” means land outside the exterior boundaries of any incorporated city, town, subdivision approved pursuant to W.S. 18-5-308 or development approved
pursuant to W.S. 18-5-403;

(iv) “Resource data” means data relating to land or land use, including but not limited to data regarding agriculture, minerals, geology, history, cultural artifacts, archeology, air, water, soil, conservation, habitat, vegetation or animal species. “Resource data” does not include data:
(A) For surveying to determine property boundaries or the location of survey monuments;
(B) Used by a state or local governmental entity to assess property values;
(C) Collected or intended to be collected by a peace officer while engaged in the lawful performance of his official duties.
(e) No resource data collected in violation of this section is admissible in evidence in any civil, criminal or administrative proceeding, other than a prosecution for violation of this section or a civil action against the violator.
(f) Resource data collected in violation of this section in the possession of any governmental entity as defined by W.S. 1-39-103(a)(i) shall be expunged by the entity from all files and data bases, and it shall not be considered in determining any agency action.

So, it seems as if you are guilty of trespassing on “open land” if you collect air monitoring or pollution data, for example, for the intention of submitting it to a government agency, state or federal, without permission. And if you do collect it, it can’t be admitted in evidence (and if it is, you presumably admit liability for trespass if you collected it and try to submit it as evidence?); and if that data finds its way into a government database, it has to be deleted and can’t be used by the government entity. Note that “collect” also includes photograph. I’m not sure if drones collecting such data result in the drone operator committing the trespass? Would a drone intrude onto such land? What about aerial photography? Or satellite imagery? Or air / dust data collected outside the boundary on a windy day with the wind blowing across the land in question at you?

One of the things that the blog helps me with is not forgetting. This is handy, not only for cheap told-you-so-years-ago moments, but also keeping track of events that seemed notable at the time, which can help when folk later try to rewrite history. A post today on the IALS Information Law and and Policy blog by Hugh Tomlinson QC – “Right to be forgotten” requires anonymisation of online newspaper archive – reports on a Belgian ruling that seems to have implications for news archives (I don’t count Google’s index as an archive). Apparently:

Digital archiving of an article which was originally lawfully published is not exempt from the application of the right to be forgotten. The interferences with freedom of expression justified by the right to be forgotten can include the alteration of an archived text.

The Court of Appeal had correctly decided that the archiving of the article online constituted a new disclosure of a previous conviction which could interfere with his right to be forgotten.

Balancing the right to be forgotten and the right of the newspaper to constitute archives corresponding to historical truth and of the public to consult these, the applicant should benefit from the right to be forgotten. As the Court of Appeal held, the maintenance of the online article, many years after the events it describes, is likely to cause the applicant disproportionate damage compared to the benefits of the strict respect for freedom of expression.

This is the first case that I am aware of in which a Court has ordered that an online archive should be anonymised – as opposed to the less drastic remedy of ordering the newspaper to take steps to ensure that the article was not indexed by search engines. The Belgian courts were not impressed by arguments in favour of keeping the integrity of online archives.

The English courts have yet to engage with the issue as to whether and to what extent “rehabilitated offenders” should be protected from continuing online dissemination of information about their spent convictions. There are powerful arguments – under both data protection and privacy law – that such protection should be provided in appropriate cases. Online news archives do not possess any “absolute immunity” – they are regularly amended in defamation cases – and effective privacy protection may sometimes require their amendment. It remains to be seen how the English courts will deal with these issues.

What do the librarians think about this?

And what happens when the historical record isn’t? I guess historians really won’t be able to trust press reports as first drafts any more?!

Over on the Inforrm blog, Dan Tench writes about the Digital Economy Bill: new offences for the disclosure of information and the risk to journalists:

Part 5 creates a number of new criminal offences (at clauses 33, 34, 42, 50 and 58) imposing criminal liability on those who receive the information and then disclose it to third parties. For the offence to be committed, the information in question must constitute “personal information”, which is information which relates to and identifies a particular “person”, including a body corporate (clause 32(4)). This is a bizarre definition which means that, contrary to ordinary language and the use of the term in other legal contexts, any information about an identified company would be “personal information” – even something as anodyne as information that a particular company has a number of government contracts.

Defining legal entities such as companies as “persons” to whom data protection clauses apply?! Seriously? (Will that also apply to robots, as per Legislating Autonomous Robots?)

Dan goes on:

Even more significantly, these provisions would also impose criminal liability on the third parties who receive the information if they subsequently disseminate it. In both cases, the offences would be committed even if the disclosure of the information by the original public authority (absent the provisions of the Bill) would not itself constitute a criminal offence.

So imagine if an official at the Environment Agency discloses some information to a say, a local authority, to “improve public service delivery” pursuant to the provisions in clause 29. An individual at the local authority considers that this information reveals a serious iniquity relating a corporate entity and passes it on to a journalist on a national newspaper. The newspaper then publishes the information. It would appear that under these provisions the individual at the local authority, the journalist and most probably the newspaper would all be committing criminal offences.

By contrast, if the official at the Environment Agency had equally taken umbrage with the information in question, he or she had revealed it to the journalist and it had been published on those circumstances, it is unlikely that any offence would have been committed.

There seems no logic in that. It is true that it might be a somewhat rare circumstance when these conditions might apply but making criminal disclosures of any information in any situation is surely something which should be done only with the greatest of care, not least because of the consequences to freedom of expression.

Also today, Out-Law report that the UK government tests whether ‘online activity history’ can serve to verify identity:

“We have been looking at projects that consider the use of different sources of activity history when proving an individual is who they say they are,” [said] Livia Ralph, industry engagement lead at the GDS.

Ralph said that if data from social media accounts can be used for digital ID verification purposes then it could increase UK adults’ use of Verify by 9% and by up to 38% in the case of 16-25 year olds.

Under the Verify system, individuals using government online services choose a certified ID assurance provider with which to verify their identity. This involves answering security questions and entering a unique code sent to an individuals’ mobile number, email address or issued in a call to their fixed-line telephone number.

When using government services online thereafter, government bodies are able to rely on the third party verifications of individuals’ identities. The system is still in development but is aimed at streamlining the identity verification process for both government bodies and the public.

The phrase that jumped out at me first? “When using government services online thereafter, government bodies are able to rely on the third party verifications of individuals’ identities”. And then you just have to flip this to realise that every time you log on to a government or public service, which presumably doesn’t have Facebook (or whoever) tracking set on it, the login will provide Facebook (or whoever) with that information. Good oh – everyone helping everyone else track everyone and everything.

And finally – an email went round the OU a few days ago about some new whistleblowing and anti-fraud policies. One reason for whistleblowing is to get information out about nefarious or fraudulent activities that are either being conducted in secret, or where oversight is failing. I note that public bodies are free to set up operating companies to conduct particular bits of their business (FutureLearn in the OU’s case, for example, or companies set up by local councils). I also note that such companies are not necessarily subject to FOI (the Unison Branch guide to local authority trading companies suggests this is the case if they are not solely owned, for example? FutureLearn is solely owned by the OU – so is it FOIable? It seems so…). With many of the FutureLearn papers tabled to OU committees labeled as “confidential” (and as such not viewable by members of the university not on those committees), presumably on grounds of commercial confidentiality, I wonder more generally about the extent to which universities and public bodies may create companies to limit information sharing? Particularly if such companies come to be classed as “persons” about whom “personal” information, sensitive or otherwise, may not be shared.

Author: Tony Hirst

I'm a Senior Lecturer at The Open University, with an interest in #opendata policy and practice, as well as general web tinkering...

2 thoughts on “Legally Does It…”

  1. Thanks for collecting these and reporting it here. I am wondering if autonomous devices would also be subject to these trespassing rules. For example, an autonomous ‘worm’ device that you release at the source of a stream/brook/river, which will be taken by the water downstream, passing through public/private lands, and stores/sends back GPS-stamped sample data. If you release it and pick it up on legal points, would the device be trespassing?

    1. I suspect the intent behind the law would be that the operator would either be considered to be trespassing or be responsible for causing an act of trespass/illegal data collection?

Comments are closed.

%d bloggers like this: