Fresh accusations have been made against the latest draft of India’s data protection bill, alleging that it continues to facilitate state surveillance.

India’s Internet Freedom Foundation (IFF), an Indian digital liberties organisation, said that the new draft retains the wide and vague exemptions that were present in previous interactions of the Bill - key clauses that would provide the government powers that could violate the privacy of its citizens.

“This is because these standards are excessively vague and broad, therefore open to misinterpretation and misuse,” said the IFF. “If the law is not applied to government instrumentalities, data collection and processing in the absence of any data protection standards could result in mass surveillance.”

The IFF said that it’s essential for government collection and processing of citizen data to be regulated as well, to avoid any misuse.

Additionally, the data protection board (DPB), which is set to be formed through the Bill, will not have the independence needed to protect the data laws. This is because the government has the power to prescribe the composition of the board, the selection process, and remove its chair and other members.

The IFF said that this may result in the board reflecting the hierarchies of government, and since it’s meant to oversee the compliance of the legislation by the private sector as well as government agencies, it’s important for it to be fully independent.

The Indian government released the draft of its Digital Personal Data Protection Bill 2022 on 18 November and has made it available for public feedback until 17 December. This comes after it decided to withdraw the Bill’s predecessor in August 2022, the Personal Data Protection Bill that was first proposed in 2019, to develop a new law instead.

The IFF highlighted how the latest draft eliminated many of the clauses that were in the previous version of the Bill. It now contains around 30 clauses, reduced from more than 90 in previous versions.

The Indian government said this was to draft it in simple and plain language so that more people could understand its provisions. The IFF argued this has removed key information, adding that since the public consultation accompanying the Bill will not be disclosed it will also weaken public trust in the development of the Bill.

One of the biggest changes of the Bill is that it removes data localisation requirements, opening the path to cross-border data transfers. However, the IFF said that data fiduciaries, similar to data controllers under GDPR, are only able to transfer personal data to countries that the government selects, meaning that data transfer to any other country is not allowed. The clause also doesn’t define how the government should decide which countries can be chosen to allow data transfers to.

“This enables arbitrary exercise of power where countries may be selected or not selected based on considerations other than protection of personal data of Indians,” said the IFF. “This is in contrast with Articles 44 to 50 of the General Data Protection Regime which permits the transfer of personal data of Europeans only to such countries which provide a minimum level of protection to such data.”

The IFF also outlined some positive changes in the new Bill. Data fiduciaries are now forced to notify the DPB whenever they’ve suffered a breach, and then the DPB is able to tell the fiduciary to adopt urgent measures to remedy the personal data breach or mitigate any harm.

The digital liberties group said this was important as previous iterations of the Bill didn’t require fiduciaries to notify data principals in the event of a breach. Users wouldn’t have known that their data had been compromised because of this.

Additionally, more barriers have been introduced when it comes to processing children’s personal data. There are tighter restrictions around how entities carry out tracking or behavioural monitoring of children, including targeted advertising aimed directly at them.

The UK's Ministry of Justice (MoJ) has been served an enforcement notice by the Information Commissioner's Office (ICO) for failing to address and respond to a growing backlog of Subject Access Requests (SARs).

The MoJ is said to have contravened Chapter 3, Article 15 of the EU and UK GDPR, and section 45 of the Data Protection Act 2018, and has now been ordered to develop a recovery plan that includes details of how to remedy the outstanding SARs, and "take appropriate steps" to ensure future SAR submissions are timely notified of any delays to a response.

The ICO said it issued the enforcement notice after considering, and agreeing, that "damage or distress is likely" as a result of the delay in SAR processing, which meant subjects were "being denied the opportunity of properly understanding what personal data may be being processed about them by the controller". Data subjects were also deemed to have been unable to exercise their statutory rights in respect to their data.

At its peak, it's believed the subject access request backlog had grown as high as 7,753.

The ICO acknowledged the difficulties faced by the MoJ, especially as pandemic restrictions limited affected its ability to process SARs. However, the "substantial number" of SARs that are out of time for compliance was "a cause of significant concern for the Commissioner," the ICO said in the enforcement notice.

It also added that "previous meetings and correspondence between the controller and commissioner have proven largely ineffective in reducing the number of outstanding SARs".

Failure to meet the demands of the enforcement notice will result in a fine of £17.5 million or 4% of its annual global turnover, whichever is higher. The MoJ has 28 days to appeal the notice.

"We take our responsibilities seriously and have set out an action plan to clear the backlog," an MoJ spokesperson told IT Pro."

"The MoJ devotes significant resources to meeting these legal obligations, and we have hired extra staff to assist in clearing outstanding requests," they added. "The pandemic has had an unprecedented impact on our work, but we responded quickly and adapted ways of working to continue to provide a level of service to requestors.

"We have engaged in constructive dialogue with the ICO before and throughout the pandemic and have a clear action plan we have in place to clear the backlog."

Timeline of events

The ICO originally became aware of a backlog at the MoJ on 7 January 2019, which resulted in conversations with the data controller over the following year. This almost led to an enforcement notice being issued - a formal exercise of the Commissioner's powers for violations of data protection law - which was ultimately delayed due to the pandemic.

According to the ICO, the pandemic "led to a shift in Commissioner's approach to regulatory action" and saw the investigation into the MoJ paused. New societal restrictions affected the MoJ's ability to respond to the backlog of SARs, the data controller told the ICO in an October 2020 update. Urgent cases were being prioritised, such as those affecting legal proceedings, police investigations, and immigration hearings.

The ICO said contact between it and the MoJ resumed in March 2021 and by April, it became aware that the MoJ was facing 5,956 outstanding SARs to which the MoJ had only partially responded. A total of 372 of these dated back as far as 2018.

Regular progress updates from the MoJ regarding how it was addressing the backlog were then requested by the ICO and by May 2021, the backlog had grown to 6,398. The backlog grew further to 7,753 by August 2021 after the MoJ said it predicted the resumption of a full SAR service by "summer/autumn 2021". It also said that of the near-8,000 outstanding cases, 25 received no response at all and around 960 predated the pandemic.

The MoJ promised to address the pre-pandemic cases first, setting itself a deadline of 31 May 2022, after which time it "will then move forward with plans to revisit the remaining 6,772 partial response cases in the timeliest way achievable".

US cyber security firm Palantir brought in £22 million worth of profits in 2020 following its controversial deal with the UK's NHS.

The company has been awarded more than £46m in public contracts by the UK government since the start of 2020, according to the openDemocracy.

In 2019, the US firm reported losses of nearly £1.6 million, but it's work in the UK has helped to dramatically transform its balance sheets.

Palantir has been a target for the openDemocracy for some time, with the latter suggesting the former is a "secretive" company seeking "unprecedented" access to NHS patient data. Last year, openDemocracy successfully sued the UK's government and forced it to commit to not extending Palantir's contract beyond the COVID pandemic without a consultation.

Palantir was founded by US entrepreneur Peter Thiel and was originally a service that supported the CIA's counterinsurgency and intelligence operations in Afghanistan and Iraq. It's other clients have included the FBI, the US Army, and the US Special Operations Command.

However, in the UK, the firm is more famous for its close ties to the UK government. OpenDemocracy said that it has now discovered that a "number" of former Palantir officials now work for the UK government.

One of them, Mike Speirs, joined the Department of Health and Social Care in December, six months after leaving Palantir.

"Speirs' LinkedIn profile now describes him as a "deputy director" of the department, acting as chief of staff to the chief operating officer of the COVID Test and Trace scheme," the non profit wrote. "While at Palantir, Speirs says he 'led the data ingestion and governance programme for Palantir's work with the NHS in response to the COVID-19 crisis'."

The contracts awarded to Palantir have also been called into question by the deputy leader of Labour, Angela Rayner, who said that the rules which govern conflicts of interest in Parliament were "unfit for purpose".

"Short-term emergency COVID powers cannot and must not be used to secretly embed private companies within our National Health Service and give private companies access to sensitive patient data," Rayner told the openDemocracy.

"Our National Health Service is our country's greatest institution and our greatest asset. It should be run in the interests of the people who work for the NHS, the people who rely on the NHS and all of us who love and treasure it, not in the interests of private companies that seek to profit from health services and patient data."

Recruitment platform LinkedIn has denied claims that it has suffered a data breach, claiming that 700 million user accounts have surfaced online due to 'data scraping'.

Cyber security specialists Privacy Sharks spotted a sample of the dataset for sale on a popular hacker forum called 'RaidForums'.

Researchers from the company viewed the sample set - which included one million records - and were able to confirm that it included full names, gender, email addresses and phone numbers for LinkedIn users.

The firm immediately contacted LinkedIn, which suffered a similar incident just two months ago when the details of 500 million users showed up online. That data leak contained an "aggregation of data from a number of websites and companies" alongside "publicly viewable member profile data", according to the recruitment site, so it wasn't technically a 'breach' where private info was stolen.

This latest find, which is said to include 700 million records, is being described in a similar fashion by LinkedIn, which seems keen to stress that it "is not a data breach". Analysis from Privacy Shark, however, suggests it could include information from both public and private profiles.

"Our teams have investigated a set of alleged LinkedIn data that has been posted for sale," the company said in a post on its site.

"We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."

'Data scraping' seems to be a bit of a theme for LinkedIn this year, as the firm was recently given legal authority to try and stop rival firm hiQ Labs from harvesting its data. The move essentially dismissed a lower court ruling that previously barred the company from preventing hiQ Labs from accessing information that LinkedIn members had made public on the business platform.

Privacy International and several other European digital privacy campaigners have launched legal action against the controversial US facial recognition firm Clearview AI.

Legal complaints filed in the UK, France, Austria, Italy, and Greece claim that the company's methods for collecting images are in violation of European privacy laws.

Clearview AI is a New York-based startup that claims to have built a database of more than three billion facial images, which is used to power its facial recognition system. It uses an image scraper to automatically collect publicly available photos of faces, mostly from social media sites, to build out its database. It then sells access to this database to law enforcement agencies and private companies.

Along with Privacy International, Vienna-based group NYOB, the Hermes Centre for Transparency and Digital Human Rights, and Homo Digitalis, have all filed complaints that Clearview's data collection goes beyond what the average user would expect when using online services.

"Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users," said Privacy International's legal officer Ioannis Kouvakas in a joint statement.

Privacy International has also submitted evidence to the UK's Information Commissioner's Office (ICO) arguing that Clearview's practices violate GDPR and the Data Protection Act 2018. It said that, as the data controller, Clearview's conduct "satisfies Article 3(2) of the GDPR as it has been reported to offer its services to both private entities and law enforcement authorities in the UK, and has engaged in monitoring of the behaviour of data subjects within the UK by collecting their personal data".

Privacy International has also pointed to reports that among Clearview's customers is the UK's National Crime Agency, the Metropolitan Police, Northamptonshire Police, North Yorkshire Police, Suffolk Constabulary, Surrey Police, and Hampshire Police, all of which either registered with its services or have trialled them.

The ICO has already been involved in an investigation into Clearview, assisting its Australian counterparts last year in a probe into the company's data gathering across social media. A separate probe from the Canadian privacy commissioner in February, found that its image scrapping was "illegal" and created a system that "inflicts broad-based harm on all members of society".

IT Pro has approached Clearview AI for comment.

Germany's data regulator has banned Facebook from processing any data from WhatsApp users on the basis that its controversial new terms and service are illegal under GDPR.

Hamburg's Commissioner for Data Protection and Freedom of Information (DPA) issued an emergency order on Tuesday blocking Facebook from processing WhatsApp data "for its own purposes" for three months.

WhatsApp's privacy policy update has already been delayed due to the backlash from users but plans to share more data with its parent company, Facebook will be fully rolled out on 15 May.

The app already shares data with the social network and has done since 2016. However, it will now also share payment and transactional data in a bid to improve targeted advertising as the service moves towards online shopping.

''The order is intended to secure the rights and freedoms of the many millions of users who provided their consent to the terms of use throughout Germany," said Johannes Caspar, the head of the German data protection authority (DPA).

"The global criticism of the new terms of use should give rise to a fundamental rethink of the consent mechanism. Without the trust of users, no data-based business model can be successful in the long term.''

Facebook stated that it wouldn't share data with WhatsApp when it acquired the app in 2014, but it has struggled to make money from the service. Regulators in both India and Brazil have also taken similar regulatory action over the incoming policy change with the social network currently considering appeals.

In regards to the Hamburg DPA's order, WhatsApp said it is "based on a fundamental misunderstanding" of the purpose and effect of its update and therefore had no legitimate basis.

"Our recent update explains the options people have to message a business on WhatsApp and provides further transparency about how we collect and use data," a spokesperson for WhatsApp said. "As the Hamburg DPA's claims are wrong, the order will not impact the continued roll-out of the update. We remain fully committed to delivering secure and private communications for everyone."

Digital Rights Ireland (DRI) is commencing a “mass action” lawsuit against Facebook on behalf of people who have been caught up in the data breach affecting 533 million users.

Anyone who has been affected and lives in the European Union or European Economic Area should seek monetary damages from Facebook, stated the group, which pointed out that GDPR gives the right to monetary compensation where data protection rights have been breached.

Users who have been affected are being advised to check Have I Been Pwned to see if their data was found in the latest breach, and then to then join the mass action case against Facebook.

“We understand people's concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it," a Facebook spokesperson told IT Pro.

"As LinkedIn and Clubhouse have shown, no company can completely eliminate scraping or prevent data sets like these from appearing. That's why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge.”

News of the lawsuit comes after the Irish Data Protection Commission (DPC) announced last week it has launched an inquiry into the alleged Facebook data leak. As the social network has its European headquarters in Dublin, it falls to the Irish regulator to investigate whether the social media giant complied with its data controller responsibilities when it came to processing personal data of its users.

The regulator found that of the 533 million users affected in the leak, a “significant number” are EU users, and it highlighted that much of the data seems to have been scraped some time ago from public Facebook profiles.

The data was reportedly published in 2018 and 2019 and is thought to have been scraped between June 2017 and April 2018. This is important, as GDPR came into effect on 25 May 2018. If the social media company can demonstrate the scraping occurred before this date, any potential regulatory action would be referred to under the Data Protection Directive. This devolves the responsibility to member states.

The data, that was published on a low-level hacking forum, was downloadable for free and allowed anyone to look up a user’s record using their phone number. The information available included phone numbers, Facebook IDs, full names, previous locations, birth dates, relationship statuses and biographies.

The Irish Data Protection Commission (DPC) has launched an inquiry into an alleged Facebook data leak that affected an estimated 533 million users worldwide.

Due to Facebook’s European headquarters being based in Dublin, the Irish regulator is to investigate whether the tech giant had complied with its data controller responsibilities when processing the personal data of its users.

In a statement, the DPC shared that it “is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data”, based on “information provided by Facebook Ireland”.

Last week, the regulator stated that, of the 533 million individuals caught up in the leak, a “significant number” are EU users, adding that much of the data appears to have been scraped some time ago from public Facebook profiles.

Facebook released a statement saying that the leaked data wasn’t obtained through hacking Facebook’s systems, but by “malicious actors” scraping it from the tech giant’s platform “prior to September 2019”. The company added that it is “confident that the specific issue that allowed them to scrape this data in 2019 no longer exists”.

The datasets, which were reportedly published in 2019 and 2018, are thought to have originated through a large-scale scraping of the social media giant’s website which reportedly occurred between June 2017 and April 2018. The timeline is important, as given that GDPR came into effect on 25 May 2018, if Facebook is able to show that this scraping had occurred before this date then any potential regulatory action would be subject to sanctions set out under the Data Protection Directive - which effectively devolved this responsibility to member states.

Simply put, if found to have breached data protection rules in any way, Facebook could avoid having to pay a substantial penalty under GDPR, which could be as high as 4% of the tech giant’s annual turnover.

Commenting on the Irish DPC’s decision to launch an inquiry into the leak, a Facebook spokesperson said that the company was “co-operating fully”, adding that the investigation “relates to features that make it easier for people to find and connect with friends on our services”.

“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” the spokesperson added.

The European Union might force US tech giants such as Amazon, Facebook, and Google to share their vast collection of customer data with smaller rivals, according to a new draft of the Digital Services Act seen by the Financial Times.

The new regulations, which aim to increase responsibility and liability for social media firms and the content on their platforms, are set to be proposed by the end of this year.

According to the draft, which reportedly includes 30 paragraphs of prohibitions or obligations, tech giants will be banned from using “data collected on the platform . . . for [their] own commercial activities . . . unless they [make it] accessible to business users active in the same commercial activities”.

It will also prohibit the so-called ‘gatekeeper’ platforms, which are in charge of online marketplaces, from using “data received from business users for advertising services for any other purpose other than advertising service”.

The draft also suggests that tech giants will be banned from treating their own services on their sites or platforms in a preferential manner that could disadvantage rivals. Companies might be prohibited from pre-installing their own apps on hardware devices, for example.

According to the FT, EU legislators might also force tech giants to allow users to uninstall any pre-installed apps on devices such as smartphones and personal computers.

News of this regulation comes days after the EU internal market commissioner Thierry Breton told the FT that the Digital Services Act could have the power to exclude large tech companies from the single market altogether. However, it is anticipated that the tech giants won’t back down without a fight.

Earlier this month, Google asked the European Commission to "clarify" its expectations towards tech companies regarding the Digital Services Act. The firm submitted a 135 page document calling for the EC to avoid a "one-size-fits-all" approach and hit back at the legislators’ choice to label tech giants as ‘gatekeepers’.

“In certain sectors, the platform may have market power; in others, it may be a new entrant or marginal player. The digital ecosystem is extremely diverse and evolving rapidly and it would be misguided for gatekeeper designations to be evaluated by reference to the position of an entire company or corporate group,” argued Google.

The UK has struck its first major post-Brexit trade deal, signing an agreement in principle with Japan, with provisions to allow the free flow of data between the two countries.

The 'Comprehensive Economic Partnership Agreement' was agreed in principle by the international trade secretary Liz Truss and Japan's foreign minister Toshimitsu Motegi. The government estimates that the deal will increase trade with Japan by £15.2 billion.

The agreement contains "cutting-edge" digital and data provisions that go "far beyond" the deal struck between Japan and the European Union, according to the government. The EU-Japan trade agreement is thought to be the world's largest area of safe data flows, with both recognising their respective data protection systems as equivalent.

Part of the deal includes an agreement to ban data localisation. This requires the initial collection, processing and storage of data to occur first within the boundaries of a country and, in some cases, that data must be deleted from foreign systems before being removed from systems in the data subject's home nation.

Without it, UK firms are free to operate in Japan without the need to build servers or data residencies in the country. The UK government suggests this will encourage fintech firms, such as Revolut and Transferwise, to expand their operations to Japan.

"Today's agreement improves an already flourishing relationship between the UK and Japan tech sectors and creates significant opportunities for trade and investment for both our countries," said Julian David, CEO of TechUK.

"Since 2018, in partnership with JEITA, we have run a successful UK-Japan Tech Forum to enable our members to develop a closer relationship with Japan and we look forward to working with the Government and our partners in Japan to assist the tech sector in taking full opportunity of this."

Facebook has confirmed that the Irish Data Protection Commissioner (DPC) has issued the social network with a preliminary order to stop transferring EU user data to the US.

The order has been described as "well progressed" according to the Independent and could have wider implications for tech companies that transfer data across the Atlantic.

It's the first move by the DPC since July, when the European Court of Justice ruled that Privacy Shield, the mechanism that companies used to transfer EU data to the US, was no longer valid now that GDPR is in force.

The ruling also stated 'standard contractual clauses' (SCCs) were valid as a data transfer mechanism, provided that data controllers carry out assessments on whether it's possible for these contractual terms to be upheld in any country where invasive surveillance laws exist, such as the US.

The DCP has suggested to Facebook that SCCs cannot in practice be used for data transfer between the EU and the US, according to the social network's vice president of global affairs and communications, and former UK deputy prime minister, Nick Clegg.

While the inquiry is still in its early stages, Clegg has said it could have far-reaching effects on the businesses that rely on SCCs and could cause near-term chaos for the global economy.

"The impact would be felt by businesses large and small, across multiple sectors," Clegg wrote in a blog post. "In the worst-case scenario, this could mean that a small tech startup in Germany would no longer be able to use a US-based cloud provider. A Spanish product development company could no longer be able to run an operation across multiple time zones. A French retailer may find they can no longer maintain a call centre in Morocco."

"The effects would reach beyond the business world, and could impact critical public services such as health and education. Ireland's Covid Tracking App states, in its terms, that it relies on SCCs as one of a number of mechanisms to transfer data to one of its processors in the US. International cloud providers and email platforms provide services to schools, Universities and hospitals across Europe. Millions of people use video conferencing software every day, to keep in touch with friends and family who live in different countries."

TikTok has announced plans to open its first European data centre in Ireland, an investment worth around €420 million (£380 million).

The news comes following the US government’s crackdown on the video-sharing social media platform. President Donald Trump had previously threatened to ban the app on the basis of Chinese-linked security threats and on Monday he demanded that the US Treasury receive a cut of the proceeds from the forced sale of TikTok. However, according to regulatory lawyers, this may be open to challenges.

TikTok’s decision to open a data centre in Ireland, the first in Europe, could signify a desire to shift its operations away from the US as well as secure its position in the European market.

The million-euro investment is expected to create hundreds of jobs, as well as facilitate faster loading time and safe storage of European users’ data, according to Roland Cloutier, TikTok’s global chief information security officer.

“This data centre signals our long-term commitment to Ireland and we expect the data centre to open and be operational by early 2022,” Cloutier wrote in a blog post.

Late last month, TikTok Ireland became the data controller for users in the EEA and Switzerland.

“Ireland already plays a key role in our rapidly expanding European operations,” said Cloutier. “Since establishing our EMEA Trust and Safety Hub in Dublin at the start of this year, we have rapidly expanded our team and appointed senior leaders who are continuously enhancing the strategies, policies and processes designed to keep people on TikTok safe.”

Commenting on the announcement, Martin Shanahan, CEO of IDA Ireland, the agency responsible for the attraction and retention of inward foreign direct investment into the country, said:

“TikTok’s decision to establish its first European data centre in Ireland, representing a substantial investment here by the company, is very welcome and, following on from the establishment of its EMEA Trust & Safety Hub in Dublin earlier in the year, positions Ireland as an important location in the company’s global operations.”

With the new investment, TikTok might be hoping to receive better treatment from regulators in the EU than those in the US.

In late June, the platform signed the EU's Code of Practice on disinformation, agreeing to a set of voluntary steps aimed at combating the spread of false information and ‘fake news’. However, it is unclear whether this will be enough to appease the EU and ward off the sort of restrictions imposed on fellow Chinese tech companies.

A Microsoft 365 learning platform has launched data residencies in the UK and Germany to support new compliance requirements within those regions.

Learning Management System (LMS365) is a service built into Microsoft 365 that helps organisations to deliver training on the business suite through SharePoint, Teams and mobile devices.

The platform has announced it's deploying new 'Azure' data centres in the UK and Germany. The company said that as the COVID-19 crisis has accelerated cloud-based technologies, businesses in these regions are having to grapple with changing regulatory frameworks and in-country data residency standards.

For the UK, the General Data Protection Regulation (GDPR) combined with country's exit from the European Union has placed a new focus on data governance and security, according to Travis Campbell, senior business manager at LMS365.

"It's important for us that customers can choose our platform without having to worry about legal constraints," he said. "Providing these new data centres is key to supporting our expanding customer base as they rely on LMS365 to successfully implement remote learning and learning in the flow of work via Microsoft 365 and Teams."

Similarly, at the end of 2019 Slack announced data residencies in Europe, with a UK region launched in April. Its reasoning was that large organisations needed more control over their data to meet tough compliance regulations.

For German businesses, the pandemic and its effect on digitisation have intensified the focus on data governance, according to Robert Nederby, managing director of DACH at LMS365.

"COVID-19 put high pressure on companies to support remote working," he said. "At the same time, German businesses across industries are fast-tracking their cloud and digitisation journeys. This has raised discussions of data protection and unprecedented demand for trusted cloud infrastructures like Microsoft 365, Teams and Azure.

"This expansion helps us deliver on our continued commitment to serve our fastgrowing customer base of +200 customers in UK and DACH, and to elevate their businesses through the transformative capabilities of the LMS365 platform."

The European Data Protection Board (EDPB) has updated a section of the GDPR to give clearer advice around the use of consent on web pages.

The new advice now states that scrolling or swiping through a website should not be interpreted as "consent" and can no longer be used as a signal to begin tracking user data.

The board have also provided further clarification on the validity of "cookie-walls", reiterating to companies that the use of cookie consent boxes that require a user to consent in order to view content is in breach of GDPR.

Where swiping or scrolling is concerned, the example given by the EDPB clarifies that the data controller must be able to demonstrate that consent was obtained this way and that data subjects must be able to withdraw consent as easily as it was given.

"Swiping a bar on a screen, waiving in front of a smart camera, turning a smartphone around clockwise, or in a figure-eight motion may be options to indicate agreement, as long as clear information is provided, and it is clear that the motion in question signifies agreement to a specific request (e.g. if you swipe this bar to the left, you agree to the use of information X for purpose Y. Repeat the motion to confirm.")," the guidelines state.

On the topic of cookie consent walls, the board specifically called out websites that prohibit access to content unless consent is given.

"A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed," the guidelines explain.

"There is no possibility to access the content without clicking on the 'Accept cookies' button. Since the data subject is not presented with a genuine choice, its consent is not freely given. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the 'Accept cookies' button."

Although much of the guidance is already set out under GDPR, some ambiguity in the text has led to incongruity in the application of the law on websites across Europe.

The European Union's General Data Protection Regulation (GDPR) has been the biggest shake-up of data protection laws the world has ever seen. Since its introduction in May 2018, the way businesses across Europe collect, store and use data has come under greater scrutiny.

However, its introduction also came amid the UK's prolonged exit from the EU. This led to uncertainty around the UK adopting the legislation as its main purpose was to harmonise data transfers throughout member states. However, GDPR has and will continue to exist in the UK in the form of the Data Protection Act (DPA) 2018, as will the Data Protection Act (DPA) 1998.

The DPA 2018 is often referred to as 'UK GDPR' but is actually an update to the DPA1998. It was changed to translate the majority of the GDPR's principles so that they fit into existing UK laws.

The 1998 law is still in use for cases of data misuse or theft that happened before 23 May 2018 (the implementation date of DPA 2018). Although this law has been in play for some time, it's important businesses understand how both work since they can still be found in breach of the older one for legacy incidents.

It's also important to understand that data laws have had to evolve, which may have changed some articles of the Data Protection Act 1998. Organisations must understand how much the law has changed and its current scope in terms of compliance, as well as how it can still make an impact on your business.

What does the Data Protection Act 1998 mean?

The Data Protection Act 1998 was the law governing the processing of personal data by all organisations, be they public or private, including charities.

All data breaches in the UK are investigated by the Information Commissioner's Office (ICO) and the same was true then, although the act provided guidelines for the type of penalty that could be applied if someone was found to have been in contravention of the rules.

Data Protection Act 1998: Summary

The Data Protection Act 1998 regulated the use and protection of personal data, and outlined the responsibilities a business had to protect that data. It superseded the Data Protection Act 1984 and Access to Personal Files Act 1987.

It was amended in 2003 to give individuals more control over digital marketing communications they receive, meaning they must opt-in to receive emails, SMS text messages etc from an organisation if they've never had contact with it before.

What was personal data defined as?

According to data protection principles, and previous regulations, personal data is defined as information related to an individual that can be used either in isolation or in tandem with other data sources, to reveal that individual's identity. If there is such pre-existing data held by a data controller, then personal data also encompasses information that may come under this entity's possession.

This also included expressions of opinion about that person and any intention the data controller or another individual may have in regards to them.

The DPA 1998 also provided protection for sensitive personal data, which was defined as information relating to a person's racial or ethnic origin, political and religious or similar beliefs, membership of a trade union, physical and mental health, sex life, any criminal charges or allegations against them, and any proceedings against them (such as a court case or a prison sentence).

What data formats were covered?

The DPA defined possession of data as that which resided in a machine or on paper in a readable, accessible way. Regarding paper forms of information, the ICO classified paper filing systems as individuals' records being held in a "systematic, structured way" that provided easy access to those individuals' information.

Data was also classified as "accessible records" covering health or education. While this information wasn't necessarily held in a structured, easily accessible way, it was important enough that the DPA stipulated it should still be protected.

Data controllers' "data processing" activities were also subject to the DPA's rules. Processing was a very broad term covering plenty of things, but was thought of as relating to every interaction had with personal data. As the ICO noted, almost any activity concerning data would constitute processing.

What were the penalties for a data breach?

There were a number of penalties and processes available to the ICO when it came to taking action on data protection.

The most material impact was perhaps the possibility of a fine. As of April 2010, the ICO was able to issue penalties of up to £500,000 for offences taking place on or after that date, although the maximum fine was only ever imposed once (against Facebook during the 2018 Cambridge Analytica scandal).

It was also able to lay out processes an organisation should have undertaken in order to improve its data protection posture, and was able to conduct audits to ensure compliance (these could have been consensual or, if necessary, compulsory).

If a breach occurred, in addition to the possibility of a £500,000 fine, the ICO was able to prosecute anyone it believed had committed a criminal offence under the act.

What is the Data Protection Act 2018?

After 20 years, UK data protection regulations received an overhaul following Royal Assent on 23 May. The Data Protection Act 2018 updates the UK's data protection legislation to make it more relevant to the way technology is used today and harmonises laws with that of GDPR.

The act mirrors GDPR in many aspects, including tougher sanctions for data breaches (up to £17 million or 4% of global turnover).

The new Data Protection Act 2018 modernises the UK's data protection framework to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.

Generally, most provisions under the 1998 act have been strengthened, requiring far more from organisations when it comes to seeking consent and holding data for longer than necessary.

When it comes to processing data, companies are now required to make efforts to be transparent, which was not necessarily required under the 1998 act. It's also far more difficult to collect data under the 2018 act, as it needs to have an explicit purpose.

What specific data could be collected was also up for interpretation under the 1998 act, as organisations could use it provided it wasn't deemed "excessive" compared to its original purpose. Under the 2018 act, the processing is limited to only that data considered relevant.

For more information on the new Data Protection Act 2018, and how it works alongside GDPR, head here.

Data Protection Act 1998: Important terms and further reading

Data subject: Data subject is a term used in both the GDPR and DPA. It refers to an individual who is the subject of personal data.

Data controller: As with data subject, data controller is used in the GDPR and DPA. It means a person who individually or with a group of other people decides how and why any personal data is or will be processed.

For more information on the DPA, you can visit the ICO's guide to data protection, and click here for more information on the GDPR.

Pretty much every single business in Europe will have been affected in some way by the introduction of the General Data Protection Regulations (GDPR) back on 25 May. In fact, a lot of businesses were forced to quickly change their data protection policies last minute as the deadline loomed (or just afterwards when the realisation the law was going to change hit).

And that's because the introduction of the GDPR marked the biggest shift in data protection for decades, making sure the data subject (ie., the individual) is protected from unwanted data use such as spam, and of course, prevent their data falling into the wrong hands. It put the subject at the centre of everything, giving them a say into how their data is used and stored.

The GDPR rules apply to all businesses both based in and operating any kind of trade in the EU, so even though the UK is supposedly leaving the EU at some point, the laws will still apply to the majority of businesses. Added to that, even if you don't conduct business with other EU-based companies, the UK's own data laws have changed to be in line with the Europe-wide regulations.

The move doesn't just apply to the protection of customer data - it applies to all of the personal data a company may have access to, such as customer data, employee information, partner records and more.

The Information Commissioner's Office (ICO) is the UK's national data regulator, tasked with enforcing GDPR in the UK, as well as the Data Protection Act 2018, which offers UK-specific provisions outside of GDPR.

This authority, which has been operating up till now under the terms of the Data Protection Act 1998, has outlined in clear terms a set of principles that lie at the heart of how a company should structure their data policies to ensure maximum compliance with modern standards for data protection.

Lawfulness, fairness and transparency

The first principle is quite possibly the most important. All personal data needs to be processed fairly and lawfully, and in a way that's completely transparent. An organisation has a responsibility to inform every individual that they collect data on exactly how that data will be used and who it will be passed on to. The collection, the processing and the disclosure of data must all be done in accordance with the law.

Purpose limitation

Data collection must be for a stated reason that is lawful and transparent, it must not be processed in a way that's at odds with that original purpose.

Data minimisation

Organisations in charge of collecting data are obligated to make sure the information is adequate, relevant and not excessive in relation to the original reason it was gathered. The subject of the data also has the right to access any data held about them, in whatever format that data is stored, whether it be handwritten notes, emails or formal documents.

Accuracy

Organisations are obligated to ensure personal data held is accurate and up to date. This means that an organisation should review information held about individuals at regular intervals and amend out of date or inaccurate information. Individuals have the right to have inaccurate data about them erased or destroyed.

Storage Limitation

When data on an individual has served its purpose, it must be deleted or destroyed, unless there are other grounds for retaining it. Organisations should have a review process in place to clean up databases.

Integrity and confidentiality

The data an organisation has must be kept secure. The data controller has a responsibility to take reasonable steps to ensure the reliability of any employees who have access to personal data. If a third party is used to process data, an organisation must ensure that a contract in place with that data processor which provides for appropriate security measures.

Other principles

The need to process data in accordance with an individual's rights and the transfer of data to countries abroad were two principles under the previous act but were afforded their own separate chapters under GDPR detailing extensively how these applied under the law.

The principle of 'accountability' also applies under the EU's new set of regulations, with data controllers expected to take greater responsibility for what is done with personal data, and how to comply with the other principles. Under this principle, the appropriate measures, and records must be in place to demonstrate compliance when expected.

The government faces the threat of a judicial review if it doesn't scrap a clause from the Data Protection Bill that will deny three million EU citizens access to their Home Office records, privacy activists warned today.

The bill, which aims to incorporate the EU's General Data Protection Regulation (GDPR) into UK law, is being debated in the House of Commons today, where the Open Rights Group and the3million, a grassroots organisation representing the EU citizens resident in the UK, hope the amendment will be thrown out.

If it isn't, the groups have repeated their warning that they will seek a judicial review, arguing that the clause, which denies immigrants access to data that public bodies deem is relevant to "effective immigration control", is unlawful and contradictory to the bill.

"The Data Protection Bill is supposed to be about giving people greater control over their data, but it contains an exemption for immigration cases that does exactly the opposite," said Nicolas Hatton, co-founder of the3million argues is unlawful and contradictory to the bill.

"Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why the3million support removing this shocking exemption."

Such a clause, opponents fear, would mean immigrants wouldn't be able to question the Home Office's case for deporting them, leaving them unable to defend their right to remain in the UK.

But the Open Rights Group and the3million are asking for support to fund their legal challenge.

The bill faces its third reading in the House of Commons today, the final chance for MPs to debate its contents.

If the exemption remains, the Open Rights Group warned it could affect those seeking refuge in the UK, those affected by the Windrush scandal and the three million EU citizens who will have to submit their applications for a new immigration status after Brexit.

Jim Killock, executive director of Open Rights Group, claimed the government could use the exemption to cover up mistakes with immigration and deportation.

"People will need their personal records to prove that they are entitled to live in the UK. This is a matter of natural justice," he said.

"Using medical and educational records to trawl for potential suspects is equally worrying, as the government seeks to surveil the population in every way it finds convenient. Mistakes will be made, and lives disrupted or worse."

Other amendments to the bill that MPs will debate include one that would establish a "Leveson two" inquiry into the misuse of personal data by the media. English media organisations that refuse to sign up to an officially recognised regulator - the only current one is Impress - could face punitive legal costs.

A related amendment tabled by the Labour MPs Tom Watson and Liam Byrne proposes to force publishers that haven't signed up to the regulator to pay the legal costs of claimants who make legal proceedings against a news outlet, even if the publisher wins the case.

Their proposal has prompted a robust response from media outlets, such as the Guardian, whose owner,Guardian News & Media, has written to all MPs warning that the proposed amendment on section 40 would "further erode press freedom and have a severe chilling effect".

Picture: Shutterstock

The Information Commissioner's Office (ICO) has fined Basildon Council 150,000 for publishing online the personal data of a traveller family.

The authority breached the Data Protection Act by making publically available data on the family in a planning application.

The ICO discovered that the council received a written statement in support of a householder's planning application for proposed works in a green belt. The statement contained sensitive personal data relating to a static traveller family who had been living on the site for many years.

It referred to the family's disability requirements, including mental health issues, the names of all the family members, their ages and the location of their home. The council published the statement in full, without redacting the personal data, on its online planning portal later that day.

An investigation by the ICO found that the council failed to carry out data protection procedures and training. It was revealed that an inexperienced council officer didn't notice the personal information in the statement, and there was no procedure in place for a second person to check it before the personal data was inadvertently published online. The information was only removed on 4 September 2015 when the concerns came to light.

While the council had routinely redacted personal data from planning documents a practice also adopted by other local authorities Basildon subsequently argued it was not, in fact, allowed to do so under planning law. This was rejected by the ICO, which said planning regulations could not override people's fundamental privacy and data protection rights. It added that publication of planning documents online was a choice, not a legal requirement.

"This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available," said ICO enforcement manager Sally Anne Poole.

"Planning applications in themselves can be controversial and emotive, so to include such sensitive information and leave it out there for all to see for several weeks is simply unacceptable."

"Data protection law is clear and planning regulations don't remove an individual's rights. Local authorities and, indeed, all organisations must be certain that their internal processes and procedures are robust and secure enough to ensure that people's sensitive personal information is protected," she added.

The legal justification used for sharing patient data from a London NHS hospital to Google-owned DeepMind wasn't valid, according to the National Data Guardian.

Health-data watchdog Dame Fiona Caldicott expressed her legal opinion of the controversial DeepMind data sharing deal in a letter to the head of the Royal Free NHS trust, after being asked for advice from the Information Commissioner, Elizabeth Denham.

The NHS trust teamed up with the deep-learning firm to trial a kidney app called Streams, which is designed to predict organ failure and avoid patient illness. As part of that, the trust shared 1.6 million patient records with the Google-owned British startup, a data-sharing move that was called "inexcusable" by academics who examined the deal.

Now, it appears our National Data Guardian agrees. Writing to Stephen Powis, medical director at the Royal Free NHS Trust, Caldicott particularly criticised the justification for the data sharing, saying it was implied that it was for patient care - but she noted that's not what the Streams trial was actually about.

"Taking into account what you have now clarified, it is my view and that of my panel that the purpose for the transfer of 1.6 million identifiable patient records to Google DeepMind was for the testing of the Streams application, and not for the provision of direct care to patients," Calidcott said in the letter, shared Hal Hodson, who initially revealed the data sharing agreement while a New Scientist reporter, and who also co-authored the aforementioned paper.

"Given that Streams was going through testing and therefore could not be relied upon for patient care, any role the application might have played in supporting the provision of direct care would have been limited and secondary to the purpose of the data transfer," she wrote. "My considered opinion therefore remains that it would not have been within the reasonable expectation of patients that their records would have been shared for this purpose."

Caldicott has shared that opinion with the Information Commissioner as part of the data watchdog's investigation.

Caldicott added that guidance would be "useful" to organisations looking to test such technologies with patient data, and stressed that her and her panel of experts "keenly appreciate the great benefits that new technologies such as Streams can offer to patients".

However, she stressed that misusing patient data could delay the use of such technologies. "As I know you also appreciate, wherever patient data is used, it is absolutely paramount that this is done in a transparent and secure manner, which helps to build public trust, otherwise the full benefits of such developments will not be realised, and indeed harm may be done."

DeepMind altered its data-sharing setup with the NHS after the initial round of complaints, and has since set up more trials.

Update: it would appear that Theresa May et al's grasping hands may be kept away from our personal data after all. The Investigatory Powers bill has been struck down - sadly not by public outcry and concerted demonstrations that reinforced the country's resistance to dystopian state surveillance, but by the European Court of Justice.

The court ruled that the bulk data collection outlined by the Snooper's Charter in all cases other than when it was specifically related to "serious crime". Although it told Ars Technica it has some ominously vague backup plans in place, the Home office has nevertheless confirmed that it has put the plan on hold, for now.

Privacy campaigners should not be resting on their laurels just yet, though. The government is likely to be exploring other options in order to reinstate bulk data collection. Worryingly, the political climate has now become so chaotic that any future versions run the risk of passing with even less scrutiny than the original.

The ECJ's decision is a heartening one for those of us who don't wish to surrender our online identities to the security services but, make no mistake, this fight is far from over.

---

Do you like to be watched?

If the answer is no, I've got some bad news for you. The Investigatory Powers Bill - commonly known as the Snooper's Charter - has been passed by Parliament, meaning the government now has the power to examine and dissect virtually every element of your online life.

Although privacy campaigners and most of the security industry have been up in arms about the Snooper's Charter, it has met largely with apathy from the general public. That's understandable; mass surveillance is a difficult concept to fully wrap one's head around, mainly due to the sheer size of it.

It's virtually impossible to comprehend this kind of issue without putting it in some kind of context. When John Oliver interviewed whistleblower Edward Snowden about similar US surveillance programmes, he used the analogy of whether or not the government was able to spy on people's "dick pics". I'll attempt to employ a similar, if less crude, analogy here.

Let's say, for example, that you decide to visit a porn website. Under the new laws, the government will be able to see:

• Which site you visited
• What time you visited it
• What kind of device you visited it from
• Which browser or app you used to visit it
• Your physical location when you visited it

The same goes for any app that uses the internet. Made a Skype call? Government agents will be able to tell who you called, from where, for how long and much more. They can tell when you upload photos to iCloud, and when you open up Instagram. The only limit, an admittedly sizeable one, is that they can't directly read what you said or wrote.

We've all deleted our internet history at one point or another, but once these laws come into effect, your internet provider - as well as the provider of any communications service like WhatsApp, Snapchat, and Facebook - will have to store your entire history for a full year.

Another element of the incoming law now gives the government the right to hack into your devices. That means they can break into your laptop, tablet or smartphone, go through the data stored on it, or even install keylogger software that can tell them exactly what you're typing, as you're typing it.

While many (although not all) of the powers outlined in the act require a warrant, many people have raised questions about this process. For example, in order to access your internet connection records, most government bodies only need approval from an internal officer within the department, rather than a judge.

In order to hack your computer or phone, a warrant must be issued by a senior official - a chief constable in the case of the police, or a Secretary of State in the case of spy agencies - and then approved by a special judge. But that judge will be legally compelled to approve warrants in all but the most extremely unreasonable of circumstances.

One of the most common arguments is that the end justifies the means, and that this is a small price to pay for fighting terrorism. But what about fighting unpaid parking tickets? In order to access your internet records, agencies must show that they've got a good reason, but while the government lists issues of national security and public safety as acceptable reasons, it also says that public bodies can look at your internet history for the purposes of collecting taxes, duties, or any other financial contribution owed to the government. It can also look at your data in order to serve "the regulation of financial services and markets".

There's an argument that says if you've got nothing to hide, then you've got nothing to fear. The problem with that is, it's frighteningly easy for governments to move the goalposts, and the definition of 'something to hide' can change overnight. For example, a part of the Digital Economy Bill, currently being looked at by Parliament, would ban any websites showing videos of 'non-conventional' sex acts - including spanking and female ejaculation.

If the government decided not only to ban this kind of content, but also to make viewing it a criminal offence, it would already have all the tools it needed to track down and arrest you in minutes - all for watching a bit of slap and tickle.

Systems like this are notoriously vulnerable to abuse, too. Not only would the agencies themselves have to trust that none of their employees will exploit their access to a vast and comprehensive database of their friends and families' secrets, they would also have to protect against the legions of hackers that would love nothing better than to get access to the entire country's internet records.

This is something that has proven notoriously difficult for them in the past; two-thirds of London councils have suffered data breaches in the last four years, while in the last five years, the police have had more than 2,300. This is not particularly encouraging when the government is essentially discussing creating a centralised database of all of our internet activity.

Theresa May is hoping that this bill will pass unnoticed into law; that you will be too busy worrying about Brexit, and Trump, and your own personal stresses to care about the monolithic and terrifying surveillance apparatus that is being assembled around you.

We don't have to let that happen. It may be too late to stop this bill from being passed, but it is not too late to show this government that we will not consent to having our every action monitored, our every movement filed and our every conversation logged.

If you believe that privacy is not a luxury, and that the government's surveillance powers can and should be tempered in a democracy, there are ways to fight back. Use a VPN. Donate to privacy groups. Write to your MPs and elected officials. Protest.

Most UK business leaders believe in the value of using data and analytics, but say they lack confidence in their ability to measure its effectiveness and impact, and mistrust the analytics used to help drive decision making, according to a new survey.

The report, titled Building Trust in Analytics, by KPMG, found that business executives are not very confident in the insights they are deriving from data and analytics, particularly in the areas of: risk and security where only 45% are very confident in their insights, 40% for customer insight and only 37% were very confident about their insights around business operations.

Around 70% of UK executives believe that by using data and analytics they expose their organisations to reputational risk, according to the survey of 2,165 respondents from 10 countries, including 250 respondents from the UK. The research was carried out by Forrester Research for KPMG.

The low levels of trust may originate at the top and filter down through the organisation, the survey data suggests. Nearly half of respondents report that their C-level executives do not fully support their organisation's data and analytics strategy. This low level of confidence points to a lack of trust in the insights generated by D&A, which may be due to D&A's inherent complexity, plus a human instinct for emotional decision making.

"As analytics increasingly drive the decisions that affect us as individuals, as businesses and as societies, there must be a heightened focus on ensuring the highest level of trust in the data, the analytics and the controls that generate desired outcomes," said Paul Tombleson, UK Head of Data & Analytics at KPMG.

"Failing to master analytics will not only make it increasingly hard for organisations to compete, but will expose their brands to new and growing risks. Seventy percent of UK executives believe that by using data and analytics they expose their organisations to reputational risk."

Google has announced plans to build an undersea cable network linking Los Angeles and Hong Kong, connecting the two cities for the first time.

In a partnership announced on Wednesday, which also includes Facebook, Pacific Light Data Communication and TE SubCom, Google revealed plans for a submarine data system that will stretch 12,800km of fiber cable across the Pacific Ocean. The Pacific Light Cable Network (PLCN) will provide an estimated capacity of 120Tbits/sec, the highest capacity provided on the trans-Pacific route.

This smashes the current record held by FASTER, another Google undersea data network that went live in June with a 60Tbit/sec capacity. The PLCN will join FASTER and 5 other cable networks transferring data across the Pacific and parts of South America, with plans to be operational sometime in 2018.

This capacity has the potential to provide businesses with enough data to stream 80 million HD video conference calls simultaneously between the cities.

In the press release, Google said: "PLCN is designed to accommodate evolving infrastructure technology, allowing us to independently choose network equipment and refresh optical technology as it advances."

"PLCN will bring lower latency, more security and greater bandwidth to Google users in the APAC region," the company added.

Yesterday Nokia announced that lab trials had successfully achieved a record breaking 65Tbits/sec data transmission over a single fiber cable. The Finnish multinational said this technology could be deployed over the next few years.

Donald Trump's Aberdeenshire golf resort will not be investigated or prosecuted, despite failing to register with the Information Commissioner's Office under the Data Protection Act.

Every company that handles personal information is required by law to register under the DPA, but Trump International Golf Links Scotland, established in 2012, failed to do so until Thursday, the ICO told IT Pro.

The hotel and golf course complex has now registered under the act, and the data privacy watchdog says that it has no intentions of prosecuting the organisation for its four-year lapse.

"Where data controllers respond to advice from the ICO that they need to notify and complete the registration process," a spokesperson said, "it generally would not be a proportionate response to then commence a prosecution.

"We treat those that we regulate in a consistent way and to pursue the golf course in these circumstances would be inconsistent to how we have dealt with others in similar circumstances."

However, an ICO spokesman pointed out to IT Pro that just because an organisation is registered under the Data Protection Act does not mean that it is automatically compliant with it. Trump's resort could still find itself in hot water if it does not take adequate steps to ensure the security of its' customers' data.

The company, which claims to have hosted tens of thousands of guests, told The Guardian that the lack of registration was a "clerical oversight".

"We take the security of our employees and guests' personal data very seriously," a statement read, "and comply with all aspects of the Data Protection Act."

Kaspersky has revealed the cost of restoring data on a device, whether mobile, tablet or computer, following a ransomware attack is $682, despite hackers demanding an average of $300 to release the device's storage.

However, 39 per cent of the respondents Kaspersky questioned said the cost to restore data on their device has actually cost $1000 or more.

At least 40 per cent of those who fall victim to a ransomware attack pay the hackers the ransom demanded, without seeking alternative help first, the research revealed, which demonstrates why attackers are usually so successful in their methods.

Despite these revelations, smartphone and tablet users are still storing important information on their devices such as photos, video, messages, contacts that could not be easily restored if they were lost or held to ransom.

However, the element respondents would miss most if it were to disappear forever would be personal messages, whether SMS, WhatsApp or those sent on other messaging platforms. 27 per cent said they would be most upset if they lost their photos.

"It is interesting that people value their data highly and understand its irretrievability, but do so little to protect it preferring to solve problems as they arrive," Elena Kharchenko, Head of Consumer Product Management, Kaspersky Lab said.

"However, in cases of malicious encryption, even paying a ransom does not guarantee that the data will be returned to the owner. Unfortunately, ransomware is not the only threat jeopardising personal data. For example, data may be lost or stolen together with a device. This all means that careless user behaviour may result in an emotionally upsetting experience as well as considerable financial loss."

Kaspersky added that bearing in mind how protective people are of their data, it's surprising more don't adequately secure their devices. Only nine out of ten respondents have installed ransomware protection on Windows machines, while six out of ten have not put measures in place to protect their Macs.

Banks should open up data, including product and services information, to consumers in order for them to make more informed choices about services and value for money, a new report has urged. However, security industry figures have warned that any framework put in place must be secure.

In a report published by the Open Banking Working Group (OBWG), a new framework was unveiled that supports the use of open APIs in the banking sector with a number of measures put forwars on how to deliver them.

It said these APIs would be created so additional services could be built using bank and customer data. These would include open data about products and services as well as shared data about bank transactions that individuals or businesses can choose to share themselves through secure and controlled means.

It added that bank data, including information about banks' products and services, should be made available as open data so that services can be built allowing customers to get more out of their financial relationships.

"Banking as a service has long sat at the heart of our economy. In our digitally enabled world, the need to seamlessly and efficiently connect different economic agents who are buying and selling goods and services is critical," said Matt Hammerstein, co-chair of the OBWG and Barclays' head of client and customer experience for Personal and Corporate Banking. "The Open Banking Standard is a framework for making banking data work better: for customers; for businesses and; for the economy as a whole."

Fellow OBWG co-chair and ODI CEO Gavin Starks said the efforts of the OBWG and the Open Banking Standard "demonstrate the powerful result of leaders coming together to wrestle substantial challenges facing the banking sector."

"It will also set precedents across many sectors: a strong data infrastructure will be as important to the UK's economy today as roads have been to our success in the industrial economy for over a century."

The report said a minimum viable product for an Open Banking API based on open data is recommended to be launched towards the end of 2016, with personal customer transaction data included on a read-only basis starting at the beginning of 2017. The Open Banking Standard's full scope, including business, customer and transactional data, should be reached by 2019, according to the report.

However, Florian Malecki, international product marketing director at Dell Security, warned that if UK banks are to open up customer data to third parties, they must "follow a three-phase IT security process to ensure data are fully protected along their journey".

He said that banks must ensure that their partners' and their own networks have adequate network security protection before, during and after the data transfer.

"Both banks and third parties should anticipate an increase in data traffic and have next generation firewall technology in place which can ramp up network protection during particularly busy transfer periods," he said.

He added that banks should guarantee that customer data are sufficiently encrypted prior to sharing with third parties.

Lastly, he urged banks to ensure that both they and third parties have adequate identity and access management controls in place when receiving customer data to ensure they are viewed only by those who have a valid business reason to do so.

"If this measure is not followed, data could be viewed by unauthorised parties, resulting in failed audits or malicious or unintentional public disclosure of personal data that could impact the bank's reputation," said Malecki.

The Information Commissioner's Office (ICO) has told manufacturers of Internet of Things devices they should make better attempts to notify people that data could be collected on them.

Speaking in a keynote speech at the IoT Tech Expo in Olympia, London, Simon Rice, technology group manager at the ICO, said that the IoT industry has to comply with data protection when collecting personal data.

There could arguably be some confusion over what constitutes personal data and Rice set out a few examples of where data is personal and where it isn't. He said that for wind turbines, wind speed wasn't personal data, but if there is data on who is repairing the turbine then that particular data is personal. With bridges, while data could be collected about the cars using it, vehicle registration data could be used to pinpoint the owner or driver and would therefor be considered personally identifiable information.

What definitely is personal data are Mac addresses used in smartphones. "An IPv6 address could be personal as it would be specific to that device," he said. He added that even if individual identification is not the intended purpose, the implications of IoT for privacy and data protection are still significant.

He said that manufacturers should care about personal data and pointed to studies carried out by the ICO found that around 20 per cent of people would stop using a service if a data breach occurred with that service, another 60 per cent could reconsider the service in light of a breach. "Companies could potentially lose up to 80 per cent of their customers in a data breach," he said.

Rice added that the ICO would also take enforcement actions against such firms involved in an incident of that nature.

He also said there are aspects of data protection that are special to IoT and there was potential for covert data collection."People buying smart TVs may not be aware of the data being collected," said Rice.

He asked delegates if any of them had read the privacy policy of the event there were attending, none put their hand up. He showed them the privacy policy and said that "most people wouldn't read this and it would be beyond most expectations to assume they did."

"We want to make sure that people can find privacy policies connected to IOT devices," said Rice.

Rice's comments come on the same day it was revealed toy maker VTech, which recently suffered a hack on its database, has changed its terms and conditions in an attempt to lay the responsibility for the protection of children's data at their parents' door.

The European Union has finally unveiled its Open Data Portal that will allow public sector organisations from 32 European countries to share data between themselves.

The portal will bring together public data from all over Europe into one central place, holding 240,000 datasets from the participating countries, and over 13 content categories ranging from health to transport to justice.

The portal will enable citizens, businesses, journalists or administrations to search, access and re-use the full data for any purpose.

Wendy Carrara, principal consultant at Capgemini Consulting, one of the firms that has been working on the project, said in a blog post: "Its goal is to be a gateway offering access to data published by administrations in countries across Europe, from the EU and beyond."

"Additionally we will support public administrations in publishing more data as open data, and have targeted actions to stimulate re-use," she added.

"By taking a look at the data released by other countries and made available on the European Data Portal, governments can also be inspired to publish new datasets they had not though about in the first place."

In a study carried out by the European Data Portal team, the market for open data is expected to grow by 36.9 per cent to 75.7 billion by 2020.

The report also said that the EU28+ countries had completed just 44 per cent of the journey towards achieving full open data maturity, but there are large discrepancies across countries.

However, the UK leads the way with solid open data practices, according to the report. It had the highest national traffic to its own open data portal in Europe with 175,400 visitors a month.

The report also said that the effective use of Open Data could help save 629 million hours of unnecessary waiting time on the roads in the EU, and help reduce energy consumption by 16 per cent.

The accumulated cost savings for public administrations making use of Open Data across the EU28+ in 2020 are predicted to equal 1.7 billion, the EU claimed.

The portal is part of a project by the EU to create a single digital market.

Governments are making far more data requests from Facebook than ever before, with the UK asking for the third highest number of information records from the social network.

The UK asked for 4,489 user or account details between January and June 2015, according to Facebook's latest bi-annual Government Requests Report spanning the period, with 78 per cent of those requests being successful.

This is a 71 per cent year-on-year rise, and the number is 82 per cent of the 5,509 total data requests Whitehall made across the entirety of 2014.

CEO Mark Zuckerberg's social network claims that it only responds to "valid requests relating to criminal cases", and that every demand is "checked for legal sufficiency".

However, this is likely to be of little comfort to data privacy advocates, many of whom have criticised the track record of both Facebook and the government.

Whitehall's 'Snooper's Charter', which proposes the mandatory storing of people's internet histories, has been lambasted in particular, with the bill coming under significant fire from everyone from Edward Snowden to Dell.

Only the US and India surpassed the UK's demand for Facebook data, with the US making an unrivalled 26,579 user or account detail requests, and India asking for information on 6,268 users or accounts.

India was also the country that blocked the most Facebook content, restricting over 15,000 posts on the grounds that they contained "anti-religious and hate speech that could cause unrest and disharmony within India".

Technology cannot be allowed to take precedence over the fundamental human right to privacy, according to an EU data protection expert.

Speaking to delegates at the annual iSSE security conference today, Wojciech Wiewrowski, assistant European data protection supervisor, said the existing European data protection legislation, written in 1995, has little bearing on the world of today.

"We all know the world of 1995 looked completely different from the point of view of processing all the data, including personal data, than it looks at the moment. Yes, we had email accounts, we used the internet in 1995 ... but that was a different world," he told the audience.

"I don't mean only the fact there were no social networks in this time, I mean also there was no worldwide web at this time, we were encoding and decoding the data ... we were using Gopher [an IP application layer protocol to distribute, search, and retrieve web files]."

Wojciech Wiewrowski speaking at the iSSE security conference

However, while the world may look different, Wiewrowski said, that doesn't mean values have to change.

"We don't want the technologies to change the values that this society is built on. This society is built on the values that are in the core of human dignity and that simply means that recognising that the world is changing [so] we should adapt ourselves to the situation, but it does not mean that we should forget or we should abandon the rules that we had in the past," he said.

Wiewrowski added that this is central to the General Data Protection Regulation (GDPR) that is currently in the final "trilogue" stages of discussion, where the European Commission, European Parliament and European Commission come together to work out the final draft.

"The centre of the data protection is the data subject, which ... I would like to stress, is not only the data subject, it's a human being. It's a human being with dignity and that's what all this law is built around," he said.

Arguing that in order to enforce this, there needs to be a good balance between ethics and legislation, the supervisor contended that technology needs an emphasis on privacy by design.

"[It] is not enough to think about only the law. It is not enough to talk only about the matter of compliance. Actually, ethics is something that should be in the core of the activity of the ... information managers, information engineers," he said.

"Those who are really the data miners, who are building the logics of the data mining, the only thing that makes them behave well is the ethics and the good penal law."

The final GDPR text is expected to be published by the end of the year.

Requirements in the proposed Investigatory Powers Bill, unveiled yesterday, for ISPs to store the history of every website visited by every individual on every device in the UK have been called into question at a technical level.

Under the proposed law, ISPs and mobile networks would have to retain what the government has termed "Internet Connection Records", or "ICRs" for up to 12 months.

ICRs comprise details, including IP addresses, of the websites that individuals visit, although not necessarily what content they access there, nor what actions they perform.

While this has caused concerns among privacy and security professionals and campaigners, the practicality of this requirement is also now being called into question.

"Unfortunately, this legislation unlocks more questions than it answers," said Bharat Mistry, a cybersecurity consultant with Trend Micro.

"If a Communications Service Provider (CSP) is required to capture this data and store it, there is a question around who is going to fund the infrastructure costs? This isn't just about the physical infrastructure assets but environmental sucha as power, cooling and physical security costs have to be considered," Mistry said.

"CSPs are already saying that data storage repositories are growing at an unmanageable rate - so how can this quantity of data be managed and securely transferred and stored?" he added.

Tarkan Maner, CEO of software-defined storage firm Nexenta, struck a similar note.

"While politicians and privacy campaigners are likely to continue to debate the ethical implications of the findings, and subsequently the terms of the bill, the big question that the IT industry is asking is how will this add to the already unsolved challenge of Big Data collection," said Maner.

"From a business perspective, we already find ourselves in a position where data collection is overwhelming the technology being used to collect and store is - and storage is emerging as a bottleneck to address. The industry, and bodies affected by the draft charter must move now and prepare their infrastructure to cope with this explosion of data," he added.

Snapchat's amended terms and conditions have come under fire, after they stated the company now has the rights to reproduce, modify and republish photos uploaded to its live stream feature, saving them to the social network's servers if it wishes.

"You grant Snapchat a world-wide, perpetual, royalty-free, sublicensable, and transferable license to host, store, use, display, reproduce, modify, adapt, edit, publish, create derivative works from, publicly perform, broadcast, distribute, syndicate, promote, exhibit, and publicly display that content in any form and in any and all media or distribution methods," the Terms of Service were changed to read.

Unsurprisingly, this caused a public uproar with users and privacy groups criticising the changes in policy.

"With the recent changes to Snapchat's terms and conditions, the company has signaled its turn away from simply offering an app that gives people the possibility to secretly send pictures to friends," David Emm, Principle Security Researcher at Kaspersky Lab commented.

"They now grant themselves the right to store, process and sell those pictures. This may seem to be a logical step in terms of revenue generation, but is a rather debatable move from a privacy and data security perspective."

He explained app users should seriously consider what the new terms and conditions mean for their privacy - after all, it's essentially giving the company permission to do as they like with your photos, including selling them.

Facebook retracted similar terms and conditions back in February year following pressure from users and the EU data protection officials. The new terms and conditions granted the company permission to share data with a number of third-party apps including Instagram.

"As a customer you do not have the possibility of tracking where, when and by whom your pictures are accessed and used. This can lead to a serious breach of your privacy, Emm continued. "We would reiterate what we always say about pictures on the internet: think about what you are posting before you do so because you may not have any control over what happens to those pics."

However, following the news that is was updating its terms and conditions, Snapchat released a statement clarifying any pictures sent to friends will remain to be private.

"The important point is that Snapchat is not - and never has been - stockpiling your private snaps or chats," the company wrote in a blog post.

Transport Systems Catapult, the government-backed innovation centre for intelligent mobility, has launched the UK's first catalogue for transport-relevant data sources.

The Intelligent Mobility Data Index, as it has been called, is available online and is designed to help organisations access useful data more easily, driving innovation in the transport sector. Information available to companies will include where the data is held, who it is held by, how they can access it and how much it might cost.

Dr Paul Zanelli, CTO at the Catapult, said: "There are a considerable number of data sources out there that may or may not be transport specific, but which could all support the development of new intelligent mobility products and services if we can show people where they are and how they can be accessed.

"Many of these are held by organisations that may not realise their data could be incredibly valuable to the transport community. From weather trends to social media usage statistics, the spread of data which has the potential to support new transport technologies is vast."

The index offers information on more than 200 data sources, with an estimated 70 per cent of them open access.

"Our job is to facilitate access to as much of that as we can so that people working on new technologies for intelligent mobility have an easy way to apply what is already out there today," Zanelli added.

"That is why we are appealing to as many organisations as possible to let us know what data they can offer and to consider opening up access to that data so we can all benefit from its applications to the innovation process."

Transport Systems Catapult is a private organisation that works with government, academia and the transport industry to aid invention, with chairman Will Whitehorn expressing his optimism about Britain's position in the future of mobility innovation at last week's Imagine Festival.

"There's not enough space now to continue building new railways all over the place, and it's very expensive, so making the existing ones work better is an important ability," he said. "Britain has that ability in spades, so I think the Catapult working with the industry can actually help Britain become a world leader in the future of intelligent mobility."

Last week, Paris saw the return of the Connected Conference. An annual event focused on connected living and the Internet of Things, the conference featured numerous panels with industry leaders, many of whom shared insights about the nascent field.

One of the key themes of the Connected Conference was big data. With the increasing number of connected devices that make up the Internet of Things, companies have more and more sources collecting information on a daily basis.

The rate that new data is being acquired is staggering. According to its CTO Bernard Ourghanlian, Microsoft has over an exabyte of data in its public cloud environment, with around seven petabytes of new data storage acquired every month.

All that information has to be sorted through and collated, as Camille Loth of m2oCity points out. Often, he says, we spend so much time focusing on Big Data, that we forget about what he terms "small data".

According to Loth, this small data is the segment of information that is relevant to end users. "From this enormous amount of data," he says, "you need to extract something that is precise and actionable".

Rather than bulk-collecting as much information as possible, Loth believes that not all data is created equal, and that companies need to be selective in what they use.

After all, as Plume's Romain Lacombe says, "data is a tool to make our environment understandable". Plume's app measures pollution levels, showing changes throughout the day, allowing people to plan runs, dog walks or family outings accordingly.

A common consensus among the panellists was that data collection in and of itself has little value. David Tomas of Opendatasoft noted that "data is and will remain subjective", agreeing that "what's key is how you build services" based on that information.

As Tomas says, "contextualisation is key", and this is one of Big Data's core issues; "data needs to be described". This divide between raw and actionable data could be why, according to Loth, enterprise only uses ten per cent of all data collected, with 60 per cent "never used in any way".

Similar to Tomas' assertion that "we need to know where it comes from, when it was last updated", Loth reiterated the necessity of precision data-collection. He points out the difference in quality between $100 and $500 sensors, and urges companies to factor this into their use of Big Data.

Fundamentally, while companies like Opendatasoft view Big Data as a "tool for empowerment", it must be presented in an understandable format, both to users and to actors within the company. "It's really about design," Loth says, "because that's what translates technology into meaning in our everyday lives".

Data privacy in the IoT

In the post-Snowden age, data privacy is a watchword throughout the IT industry, and the connected space is no different. Ourghanlian acknowledges that "who the data belongs to is a very important topic", raising the question of whether the information gathered belongs to the users or to the services they give their data to.

There are many who feel that companies using Big Data in an IoT space need to radically rethink their strategies. Privacy advocate Tristam Nitot, late of the Mozilla Foundation, was particularly critical of IoT providers' current policies.

One of the principal merits of having a connected home, he says, is the ability to know who's in your house, who has access to your smart lock, what temperature you like your heating set to, and so on. Unfortunately, rather than consumers having access to all that information, "what we have instead is Google and Nest owning this data".

Nitot branded IoT companies like Google who jealously guard their data as "greedy". However, as IoT evangelist Liam Boogar pointed out, "you can't make money by giving people their data". Instead, user information is being increasingly treated as a corporate asset.

While this is understandable from an enterprise standpoint, the implications are slightly concerning. Nitot noted that "one of these days, one of these companies is going to be desperate". At that point, it becomes a question of what they will be willing to do with their collected user data, and as Boogar recognised, "when things are really bad, you sell your assets".

Tomas urged governments and public authorities to open up their data, stating that the privacy of information is becoming "the key political question of our age". He also said that private companies need to "rethink the way they operate internally, and the way they exchange assets with their partners".

Although moving into the IoT space is "a big culture shift" for large companies, the attitude at the conference was one of optimism. There was much talk of the possibilities that IoT devices open up for the leveraging of Big Data, with one expert calling it the "new product".

BT should open up its dark fibre network to rivals, according to Ofcom, in a bid to improve competition in the 2 billion leased lines' market.

This market provides high-speed data links used by businesses, organisations like universities, and mobile operators to transfer data on their networks.

The regulator wants to increase competition in the market as people's data usage rises through greater smartphone and tablet adoption, and as companies increasingly rely on internet services.

Under the proposals, BT would have to give competitors physical access and direct control over its fibre-optic cables, known as dark fibre because rivals would light' the cables at either end with their own equipment.

Currently, the telco giant is already compelled to offer leased line products for use by its rivals, but these are bundles of fibre-optic cables and BT's own network gear.

If Ofcom's rules are passed, it would mean rivals would no longer have to pay for BT's equipment, allowing them to create tailored, high-capacity data services using BT's cables with their own hardware.

Ovum analyst Matthew Howett said the proposal comes after years of lobbying from companies like Vodafone.

"For many years now there have been calls for Ofcom to force BT to offer a dark fibre product. Today those calls have been answered," he said.

And he added that the planned measure may "partially reassure" rivals that competition will remain even if BT becomes a quad-play offering if the regulator approves its 12.5 billion acquisition of EE.

He said: "Vodafone, for example, has been particularly vocal about the need for a dark fibre product to connect base stations and backhaul mobile traffic without fear of interference from BT.

"This is relevant since BT currently provides all UK mobile operators with high-speed mobile backhaul links."

And the move was welcomed by BT rival network provider, Colt.

Barney Lane, director of regulation at Colt, said: "It will help spur innovation and incentivise connectivity providers like Colt to roll-out new services.

"Up until now, alternative connectivity providers haven't been able to roll out new superfast fibre using the incumbent's passive infrastructure, so businesses are struggling with outdated, slow connectivity, which is holding them back."

Broadband roll out

Ofcom also wants to enforce more demanding performance requirements on Openreach as part of its Business Connectivity Market Review.

BT's network arm installs and maintains connections to BT's network on behalf of rivals, but the regulator is concerned that it takes too long to install dark fibre connections.

It claimed the average time between a customer order and the line being ready has increased to 46 working days from 40 working days in the last four years.

It wants to force Openreach to meet original deadlines in 80 per cent of cases by 2016, and 90 per cent of cases by 2018.

Jonathan Oxley, Ofcom competition group director, said: "High-speed, fibre optic leased lines are invisible to most people. But they form a critical building block in the UK's infrastructure that underpins people's personal and working lives.

"Today's proposals should help businesses across the UK who rely on high-speed data lines. We want to see more innovation, faster installations and more competition, by providing operators with the opportunity to deploy the technologies of their choice."

BT hit back at the proposals, claiming the measures would harm its network investments and risk singling out a few companies for success.

A spokesman said: "Openreach's current offer creates a level playing field and a vibrant, competitive market with hundreds of competing companies, large and small.

"Mandating dark fibre risks favouring a few companies that have the greatest capability to deploy it, to the disadvantage of all other firms.

"It will undermine investment - as a number of service providers have warned - and it would also increase costs, divert resources and add more complexity just when we're beginning to make progress on improving service."

The Business Connectivity Market Review proposals are open to consultation until 31 July, with Ofcom's final decisions not taking effect until April 2016.

EMC has made its ViPR controller product available for free through an open source licence in response to customer demand.

The software-defined storage product will become the first software solution belonging to EMC to become an open source project, dubbed Project CoprHD (pronounced Copperhead).

It will be made available on GitHub for community-driven development under the Mozilla Public License (MPL 2.0).

This includes all the storage automation and control functionality that separates the data and control planes for operation.

Among other firms supporting the initiative are SAP, Verizon and Intel.

Speaking at EMC World, the firm said it wants to encourage all storage vendors to contribute to Project CoprHD, "further expanding the ecosystem and embracing open and standard APIs".

With the project, "customers, partners, service providers and system integrators can develop new service catalogue offerings with automated workflows to meet their customers' specific needs", said EMC.

"Building a strong developer community is crucial to the future success of EMC's software-defined storage and storage automation and management products," the firms added in a statement.

Both Project CoprHD and ViPR Controller will share core features and functionality, but ViPR Controller customers will get support and services from EMC.

Meanwhile, any changes made to Project CoprHD by the community will get fed back into ViPR, if EMC likes them.

EMC also offered its ScaleIO software as a free download for non-production use, without any time or capacity restrictions. It said the move would allow customers to create full-fledged ScaleIO environments for free non-production use before upgrading to a paid production licence.

"For anyone left confused, today's announcements prove this is not your father's EMC," said Jeremy Burton, president of products and marketing at EMC.

"By offering access to Project CoprHD, the open source version of EMC ViPR Controller and free downloads of EMC ScaleIO two key enabling pieces of our software-defined storage portfolio EMC has turned a corner by delving more deeply into open, collaborative software development with our customers, partners, developers and competitors.

"This represents a massive shift in our strategy that we believe will help accelerate our customers' efforts to develop new application-centric business models."

The Liberal Democrats would curb government spying and give people greater control over their personal data if the party returns to Whitehall after the general election.

That's according to the party's election manifesto - here are the highlights that affect the world of tech.

Personal data and privacy

Privacy would be safeguarded by the Lib Dems, who also back people and businesses' ability to use strong encryption to protect their data a marked departure from Prime Minister David Cameron's desire to outlaw encrypted communication services.

Earlier this week, leader Nick Clegg revealed he would introduce a Digital Bill of Rights if elected, that would forbid the government from watering down anyone's cyber security measures.

Data thieves would get prison sentences under the bill, while authorities could only invade someone's privacy where there's reasonable suspicion of criminal activity.

Building on their opposition of the Snooper's Charter, the Liberal Democrats would oppose the blanket collection of people's personal data by police or government bodies, promising privacy would be "the norm".

The manifesto read: "Requiring companies to store a record of everyone's internet activities for a year or to collect third-party communications data for non-business purposes is disproportionate and unacceptable, as is the blanket surveillance of our paper post."

It would also ban electronic Mosquito devices, which are sold as anti-loitering' devices emitting high-frequency noises to disperse young people from areas in which they may gather.

"In the modern digital age, the power of the state and of corporate interests can threaten our privacy and liberty," added the manifesto.

"There will be a complete overhaul of surveillance powers in 2016. We need to ensure this and other opportunities are seized as a chance to control excessive state power, and ensure that in an era when surveillance is easier than ever before, we maintain the right to privacy and free speech."

SMBs and start-ups

While the Tories have set a target for 30 per cent of public procurement to be spent on SMBs, the Lib Dems are more vague simply promising to continue working to open up procurement to SMBs.

However, it would seek to establish a British Business Bank to tackle the lack of equity capital for start-ups and entrepreneurs.

There's also plans to build on London's Tech City, and other tech clusters such as Cambridge's, to create a network of such scenes acting as incubators for tech talent and businesses around the UK.

By supporting fast-growing businesses, the Lib Dems hope to create a million jobs over 20 years.

Education and skills

STEM subject take-up would be promoted in schools, while coding would stay on the National Curriculum under the Lib Dems.

To do this, primary schools would be encouraged to each have at least one science specialist, while secondary school teachers would be pressured to have degrees in the subject they teach.

Young people could take part in digital skills courses, as could unemployed people, an initiative alongside private sector employers and education or training providers.

When it comes to the skills gap, the Lib Dems would expand the number of foundation degrees, Higher National Diplomas, Higher National Certificates and Higher Apprenticeships to create more technically-skilled specialists.

The party wants Britain to be a hub of manufacturing, science, creative, digital and green industries, open to foreign entrepreneurs.

Digital government and open data

There's less in the manifesto on digital government, but the party is keen to continue making public services digital by default, a process set in motion by the coalition under the Government Digital Service (GDS).

Clegg's party wants to keep the GDS going and develop it, expanding the drive to digital into local government, too.

Looking at government datasets, the Lib Dems don't differ from Labour and the Conservatives in that they support an open data policy, releasing information in an open and accessible format.

Broadband

While Labour promises total superfast broadband coverage of Britain by 2020, and the Tories offer 95 per cent coverage by 2017, the Lib Dems say they will ensure 99.9 per cent coverage by 2020.

Twitter has ended its partnership with social analytics firm DataSift, sparking accusations from its ex that it has "seriously damaged" the data reselling ecosystem.

The social network plans to move its data reselling in-house to start-up Gnip, which it acquired last year, continuing its licensing of user data to external analytics companies.

But DataSift CEO Nick Halstead took to a blog post to accuse Twitter of betraying analytics firms that rely on the social site's vast swathes of information.

He wrote: "The bottom line: Twitter has seriously damaged the ecosystem this week. Eighty per cent of our customers use technology that can't be replaced by Twitter. At the end of the day, Twitter is providing data licensing, not processing data to enable analysis.

"Twitter also demonstrated that it doesn't understand the basic rules of this market: social networks make money from engagement and advertising."

However, he also made sure to say his firm is moving on and will be fine, thanks for asking.

"Our business model has never relied on access to Twitter data," he claimed. "And if you've heard any rumours about us extending our reach into business-owned data, well, they're true."

Gnip also weighed in on the furore, saying Twitter's motivation behind buying it was to bring its relationships with data customers closer, ensuring it's more connected with analytics solutions being created by customers using its data.

Zach Hofer-Shall, Gnip's head of Twitter ecosystem, wrote in a blog post: "The next step in working directly with data customers is to transition everyone receiving raw data for commercial use from other data resellers to a direct relationship with Twitter.

"After this transition is completed, companies using raw Twitter data for commercial use to build products, to analyse internally, and to serve other commercial purposes will need to have a direct relationship with Twitter."

The government has appointed its very first chief data officer, revealing Government Digital Service (GDS) chief Mike Bracken will fill the role.

Bracken, who has pioneered digital transformation in Whitehall at the reins of the GDS, will take on the CDO job in addition to his current duties.

He will be tasked with developing a new Government Data Standard, championing the use of open data and promoting data as a key factor in making decisions.

Cabinet Office minister Francis Maude said: "I'm delighted to announce that Mike Bracken, who has spearheaded this government's digital revolution, will also become the government's CDO.

"He is the ideal person to take our already world-leading approach to open data even further, while strengthening data analysis skills in Whitehall."

The GDS chief will now head up public sector open data champions', which currently comprise 16 local authorities across the UK, including those for London, Birmingham and Surrey.

The government has been ranked first in web inventor Sir Tim Berners-Lee's World Wide Web Foundation for Open Data list.

Julian David, CEO of trade body techUK, said the creation of the CDO role is a "vital" way of placing more importance on the topic of open data.

"Bracken will need to strike a balance between open data and inspiring confidence in the general public in how government uses their data," he added. "It's important to remember that this also includes the management of commercial business data, which if not managed correctly could impact businesses and jobs.

Bracken's appointment, announced yesterday, coincided with President Barack Obama revealing the US's first chief digital officer, ex-Google staffer Jason Goldman.

The president said: "Our mission is to use every single tool available to ensure that all Americans can contribute to and benefit from our American resurgence.

"Goldman brings an energy and coveted expertise as someone who's helped shape the digital age."

IBM is to bring social media data from Twitter to its Watson Analytics service, with tweets to also become available on its Bluemix cloud developer environment.

The company first announced a partnership with Twitter in October last year, gaining access to the social media site's database going back into 2009.

Since then, Twitter has announced IBM as it's only global consulting partner, and this week's announcement fulfills the promise of integration between the company's services.

Ginni Rometty, IBM CEO, said: "Twitter provides a powerful new lens through which to look at the world as both a platform for hundreds of millions of consumers and business professionals, and as a synthesiser of trends.

"This partnership, drawing on IBM's leading cloud-based analytics platform, will help clients enrich business decisions with an entirely new class of data. This is the latest example of how IBM is reimagining work."

And Chris Moody, VP of data strategy at Twitter, gave an example of how it might work, saying: "This relationship will enable IBM solutions like the famous computer Watson to access Twitter data as an input for multi-variable, pattern-dependent questions like 'What do customers like best about my products?' or 'Why are we growing quickly in Brazil?'"

Alistair Rennie, IBM Analytics general manager, said the enhancement to Watson Analytics has so far garnered 150 customer "engagements", claiming that the service goes beyond simply sentiment analysis of brands on Twitter.

"It's in demand signalling, the supply chain and customer churn models," he said. "One example is how employee retention has an impact on retail sales."

With the data taken from the social media platform, customers can more easily identify patterns and attach reasoning to customer behaviour.

This is boosted by the service's combining of information from a number of different data sources.

"The skillset needed to use that is similar to what you'd need for a spreadsheet, but it delivers very powerful analytics," Rennie added.

"People are not approaching this saying we'll take two years and have a long strategy. They want to do this quickly, get an insight, make a decision. And it is not expensive Watson Analytics is a freemium tool."

The Watson Analytics service does cost $30 per month, however, though with Bluemix, developers can access up to five million tweets for free, before a pay-as-you-go model kicks in when developers' apps are up and running.

Industries that have so far used the Twitter data service include financial services, insurance, consumer events, telecommunications, utilities and sporting events, according to IBM.

Facebook advertisers are about to get better insights into their customer base, after the social network partnered with a startup called DataSift.

It is providing Facebook with Topic Data, a data analysis tool designed to help marketers gain better insights while keeping users' information anonymous.

While not all partners of Facebook will get access to the tool, those that do will be able to access information on what customers and clients are saying about them, their brands and events on Facebook, then use that data to make better decisions in the future.

Nick Nyhan, CEO of public relation firm WPP's data analysis division, said: "When marketers have a deeper understanding of people and what they are interested in, they can create more relevant experiences for their audiences.

"By looking at topic data, we empower brands to make smarter marketing decisions.

"We've worked with DataSift for some time the way they cleverly collect and organise data continues to make it simple for WPP to ingest, connect and leverage it across the agency network."

As Facebook admitted in a blog post, third party tools offering a similar service do exist, but only with a significantly decreased sample size that renders the information far less useful.

Topic Data, however, works better in that it anonymises and aggregates data to give companies more in-depth insights into all activity.

"To help us develop and scale topic data, we're partnering with DataSift, a trusted leader in the data industry," Facebook wrote. "We want to make sure the information we provide is useful to marketers, so we're using DataSift's technology to power the platforms that turn the data into insights."

Topic Data will only be available to select Facebook partners in the US and UK to begin with, with a wider rollout to follow "at a later date".

Two-thirds of organisations see Big Data analytics as a competitive edge on their rivals, according to a global report from outsourcer Capgemini.

The study, Big & Fast Data: The rise of Insight-Driven Business', found that 64 per cent of enterprises from North America, South America, Europe and Asia-Pacific acknowledged Big Data as something "changing traditional business boundaries", with emerging companies using analytics to try and jump ahead of incumbents.

A quarter of the 1,000 respondents said they were facing competition from such newcomers in their industries, and 53 per cent expect more from start-ups utilising Big Data.

John Brahim, head of Capgemini insights & data global practice, stated: "We have reached an inflection point in the market. Information is at the heart of every business decision and companies need to fully embrace the opportunities of Big Data or risk losing out in the market place.

"Our research has identified that while some organisations are using Big Data to reduce cost and improve existing performance, others are using it to drive into new markets and ultimately to monetise data in its own right."

More than half (59 per cent) of respondents acknowledged that data analytics is now vital to a company's market value, with 43 per cent restructuring in an effort to make the most of Big Data.

"With 90 per cent of all the data in the world created in the last two years and 80 billion sensors activated by 2020, organisations must build for Big Data business models and insight economies," added R "Ray" Wang, principal analyst and chairman for Constellation Research.

"Success requires the mastery of data to decisions. The ability to ingest all types of data, transform data to information, surface up insights and take action on insights will enable organisations to create disruptive business models."

Two-thirds of NHS trusts are risking data breaches because they lack a policy to manage their employees' personal devices, it is claimed.

Just over one third (34 per cent) of trusts have measures in place to govern what devices staff can bring into work, and what they can do with them, according to a Freedom of Information (FoI) request sent to 35 trusts.

Those without a BYOD policy have sacrificed visibility into what devices are accessing their networks, claimed virtualisation firm Citrix, which submitted the FoI.

More than half the trusts 18 out of 35 were unaware whether personal devices were being used for work purposes.

A Citrix statement read: "This lack of visibility means that NHS trusts could be vulnerable to data breaches if a personal device is being used without adequate protection.

"The ability for employees to securely access trust data on the device of their choice has the potential to improve productivity and potentially contribute to a reduction in IT overhead cost.

"However, the FoI results reveal that many NHS trusts are struggling to seize this opportunity, with the delay in uptake also potentially having a significant effect on ensuring security requirements are met."

The news comes as the issue of data security in the NHS becomes a hotter and hotter topic, with the controversy of the patient data collection scheme, care.data, ongoing.

The initiative is meant to enable GP surgeries and hospitals to share patients' medical records, but has been criticised by data protection advocates.

Care.data was originally due to be rolled out in April 2014, but was delayed by six months due to a poor public consultation.

It's now being trialled in GP surgeries in Leeds North, West, South and East, Somerset, West Hampshire and Blackburn with Darwen.

But sceptics fear patient data will be sold to companies, despite assurances to the contrary, after millions of patients' information was sold off to private sector firms over the last decade, according to a report by the NHS information centre last June.

Tim Kelsey, national director for patients and information at NHS England, believes there is a moral right to collect patient data.

Speaking at a Big Data conference attended by IT Pro in January, he said: ""There are gaps so big, so dangerous, that they just have to be filled from a moral as well as a political perspective. We're going to be doing that this year.

"The NHS is not capable currently of telling you how many patients are treated for chemotherapy, for example. And certainly not capable of telling you that if they are treated, [then] what is their outcome."

IT Pro has approached NHS England for comment, but had not received a response at the time of publication.

The EU won't scrap data roaming charges until at least 2018, spelling three more years of paying for downloads and web browsing while on holiday.

The decision by governments of European nations flies in the face of the European Parliament and the European Commission, both of which had called for roaming charges to be ditched by the end of this year.

However, holidaymakers face a minimum of three more years of paying over the odds for data when abroad though governments agreed on a small roaming allowance' that will kick in mid-2016.

Consumer groups representative BEUC described the plans as "outrageous", adding that "roaming is not justifiable in a single market".

The UK had voiced support to cull roaming charges, as had Germany, but their positions were outweighed by other member states.

However, the cost of data roaming has fallen since 2012, when one MB of data cost 51p. It now costs 14p.

Current roaming tariffs when abroad:

Outgoing voice calls 14p

Incoming voice calls 4p

Outgoing SMS 4p

Data download (per MB) 14p

Telcos also won approval to be able to charge more for premium services like TV streaming in order to guarantee faster connections.

Guy Verhofstadt, leader of the centrist ALDE group in the European Parliament, said on Twitter: "No ban and not even review before 2018! Member states should hang their heads in shame for [their] statement on roaming."

The member states must now reach agreement with the European Parliament and European Commission before their proposed measures become law.

The European Commission (EC) has contracted Capgemini to build an 8 million Big Data portal across Europe, pulling in public datasets from 39 countries.

The body aims to make the Open Data Portal its core platform through which all European public data will be available to any citizen with internet access.

Capgemini will head up a consortium of organisations and subcontractors, including the Open Data Institute and the University of Southampton, to develop, launch and operate the portal.

The three-year contract will also see the consortium ensure governments publish and supply open datasets to the project, while subcontractors will be tasked with creating products and services based on the data.

European Union (EU)-specific data will include its aid spend per country, down to detailed information on research projects.

Dinand Tinholt, VP and EU lead at Capgemini, said: "More and more volumes of data are published every day, every hour, every minute, every second across every geography large and small.

"With the increasing digitisation of society, the amount of data across the world is set to increase exponentially.

"This strategic project is at the heart of all the open and Big Data initiatives of public administrations across Europe.

"It will also serve as a platform to engage with private players, of all sizes, operating in the field of open data and predictive analytics."

The consortium will earn up to 8 million, with the money coming from the Connecting Europe Facility (CEF), an EU quango whose purpose is to deploy IT infrastructure that helps businesses, people and governments across Europe collaborate.

The news comes after the EC announced a tender for its first cloud services last month, seeking suppliers to provide it with Infrastructure-as-a-Service (IaaS) cloud, public IaaS cloud and public Platform-as-a-Service cloud services.

The two-year contract would see the EC gain 2,500 virtual machines and 2,500TB of virtual storage equivalent to around 15 per cent of the EC's in-house capacity.

Sheffield Teaching Hospitals NHS Trust has picked HP to give it a "complete picture" of every single patient.

Hewlett-Packard is the primary contractor to help the trust's five hospitals get a single, integrated view of all the information on any one patient.

Healthcare tech firm Orion Health will partner with Imprivata's single sign-on solution to provide the hospitals with a portal to access health records remotely.

HP will then help make those health records as complete as possible by compiling disparate pieces of information about the patient's medical history.

"We need to have a complete picture of each patient when we are providing their care," said David Throssell, medical director at the trust.

"This new portal will act as an umbrella across a number of our current computer systems, meaning hospital and community health staff will only have to log in once to view the different patient information systems, on one screen. It will enable a single, clinical view of every patient."

This single view will let healthcare workers access key patient details wherever they are, and Dr Throssell believes it will lead to more joined-up working between care workers.

"Many of our staff work outside the hospital in the community or in patients' homes and so having the right information available is also key," he added. "The clinical portal will enable this to happen and it will mean staff do not have to keep asking patients the same questions."

The information accessible via the portal will include drug treatments, diagnosis results and other important details relevant to patients' care.

But the portal will also let the hospitals involved share information with other NHS bodies with the technology, opening up opportunities to get expert advice, for instance.

Dr Throssell added: "When a patient is admitted to another NHS organisation or when they are visited by their GP, we will soon be able to share vital information with their healthcare provider. This can only be a good thing for our patients."

The hospitals set to benefit from the deal the value of which remains undisclosed are Northern General Hospital, Royal Hallamshire Hospital, Charles Clifford Dental Hospital, Weston Park Cancer Hospital and Jessop Wing Maternity Hospital.

Anjanish Shekhar, account executive at HP, said: "Integrating information around the patient journey and improving clinical productivity is key to improving patient care and reducing risks.

"[HP] can help integrate primary, acute and social care by enabling clinicians to access context-sensitive views of patient information from multiple systems, no matter where they are."

The news comes after the NHS argued there is a moral case for data collection at an event earlier this week.

NHS England patient information director Tim Kelsey claimed more insight derived from care.data would plug "dangerous gaps" in the NHS's knowledge.

"The NHS is not capable currently of telling you how many patients are treated for chemotherapy, for example. And certainly not capable of telling you that if they are treated, [then] what is their outcome," he said.

Collecting patient data is a moral requirement, the man in charge of the NHS's controversial care.data scheme claimed today.

Tim Kelsey, national director for patients and information at NHS England, warned that collecting and storing patients' medical records was the only way to fill huge gaps in NHS knowledge.

He said: "There are gaps so big, so dangerous, that they just have to be filled from a moral as well as a political perspective. We're going to be doing that this year.

"The NHS is not capable currently of telling you how many patients are treated for chemotherapy, for example. And certainly not capable of telling you that if they are treated, [then] what is their outcome."

Speaking at WANdisco's Big Data Breakfast event in London earlier today, Kelsey also admitted that public concern over the privacy of their data under the care.data scheme was legitimate.

Care.data would see people's health records connected to the Health and Social Care Information Centre, allowing for information to be shared between GP surgeries as well as hospitals.

The roll out of the 50 million scheme was meant to start in April 2014, but was postponed for six months due to a lack of proper public consultation.

A report released last month by All Party Parliamentary Group for Patient and Public Involvement in Health and Social Care added that concerns remain over the collection of private information.

It read: "Patients and the public are broadly supportive of the principle of using health data for research that is in the public interest.

"However, many people still have deep concerns about the programme and are worried about how their personal data will be used."

Today Kelsey said the scheme, due to be trialled in GP practices this year, was starting afresh, despite delays in naming the surgeries and GPs set to take part in the trials.

He said: "Care.data seemed like it was a failure last year when we had to bring it to a halt because of the media campaign, and I think legitimate public concerns... in relation to people's privacy.

"Care.data is starting again now - there's some pathfinder localities that are going to be beginning to work with local communities on extracting data, linking GP data with hospital data, building new ways we can analyse the pathway of care a patient has travelled down."

The Independent Information Governance Oversight Panel (IIGOP) published a report examining if health and social care bodies were protecting personal data properly, after laying out 26 recommendations at the start of 2014 to improve data sharing.

The report found organisations were only making good progress on six points. Its conclusion was: "The report card at the end of the first year after the Government's acceptance of the recommendations reads: "Must try harder."

"It is now time for the health and care system to increase the pace of efforts to get information governance right."

Virgin Atlantic is reportedly working with Microsoft to create a motion sensor cabin that improves passengers' flight experience.

The airline will introduce Redmond's Xbox Kinect technology to its aircraft to analyse customer movement on-board, changing their environment to maximise their comfort, according to The Drum.

Head of customer experience at Virgin Atlantic, Debbie Hulme, told The Drum: "We're looking at the Kinect technology to really see if we can read consumer behaviour and movement in the cabin to understand at an individual level what is the most comfortable place for you to work, to sleep, to eat and how we might develop that intelligence into an on-board product to tailor it far more to the individual customer."

Its aircraft could use Kinect's motion sensor capabilities to react to customers moving about to change things like lighting, termperature and seat positions in real time, she added.

That is just one facet of a partnership between the firms that will include analytics and other technologies, and which started with a flight from Heathrow to Boston on Sunday night.

Passengers on the flight were all handed a Windows 8.1 tablet, pre-loaded with an app that tracked Father Christmas' flight across the Atlantic.

Connected to the on-board Wi-Fi, the app also let passengers chat to Father Christmas, before he landed on the flight to pose for selfies with them.

Hulme said: "Microsoft is also providing us with the analytics to look at how passengers interacted with the technology so we can work out what they enjoyed the most.

"This will enable us to continually improve and innovate. Expect to see more from Virgin Atlantic and Microsoft in 2015."

The airline will continue to explore potential ways to use technology on flights with Microsoft as it seeks to improve passengers' flight experiences.

Fred Warren, creative director of Microsoft Connected Digital Services, added: "Through this experience we are looking to explore how the aircraft can be brought to life in different ways via the use of digital technologies to amplify the amazing service that is offered to customers today and how passengers engage after the flight.

"We were able to give passengers a glimpse of what is possible from more immersive flight experiences."

What keeps a career technologist going? Is it the new challenges faced every day? Or is it the opportunity to see new technology put to work in the real world?

Robert de Souza has worked on some of the most innovative and ground breaking technology platforms in media, from BBC iPlayer to The Times iPad app. He's faced challenges, enjoyed breakthroughs, and seen the technology landscape change time and time again.

Here he recounts some of the biggest challenges of his career, and discusses what the future holds for technology in a business environment.

For more advice on transforming your business, visit HP BusinessNow

The NHS's care.data scheme could be hit with more delays after a report raised fresh concerns over its delivery timeline.

The scheme, designed to share patients' medical records, was originally meant to be rolled out in April this year, but was delayed by six months in February due to a lack of proper consultation.

It has now emerged a date for a shortlist of potential surgeries to trial the scheme before implementation may not be released until sometime in the new year.

NHS England, which is leading the project, announced four areas for the pilot programme back in October - Leeds North, West, South and East, Somerset, West Hampshire and Blackburn with Darwen - but there is no word yet on a date for the shortlist.

But it yesterday admitted it will not even have finished signing up GPs for those trials until the new year has started.

Meanwhile, a new report by the All Party Parliamentary Group for Patient and Public Involvement in Health and Social Care and the Patients Association this week found that significant doubts remain over the scheme's timeline, despite finding support for its aims.

The report, entitled Care.data Inquiry, found: "Patients and the public are broadly supportive of the principle of using health data for research that is in the public interest. However, many people still have deep concerns about the programme and are worried about how their personal data will be used."

It added: "There has been a lack of clarity and publicity around the care.data programme, how the data will be used, who the data will be used by, and what implications it has for end of life care."

The Patients Association added there must be "robust" safeguards built into the IT systems to prevent unauthorised access to the data.

The cross-party group also cited the need for an open consultation on what data would be collected, the importance of being able to opt out and recommended penalties for the misuse of data.

The Parliamentary Group will meet with NHS England in 2015 to get a progress report, if updates do not come sooner.