<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/it-governance" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in It-governance ]]></title>
                <link>https://www.itpro.com/tag/it-governance</link>
        <description><![CDATA[ All the latest it-governance content from the ITPro team ]]></description>
                                    <lastBuildDate>Tue, 27 Jan 2026 11:45:37 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ AI is “forcing a fundamental shift” in data privacy and governance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/privacy/ai-is-forcing-a-fundamental-shift-in-data-privacy-and-governance</link>
                                                                            <description>
                            <![CDATA[ Organizations are working to define and establish the governance structures they need to manage AI responsibly at scale – and budgets are going up ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">j2ts9qHpTFsYN7yTaFKsU9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ChVns2sZRm8ohNECYxRrPh-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 27 Jan 2026 11:45:37 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Privacy]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ChVns2sZRm8ohNECYxRrPh-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data privacy concept image showing digitized human eyeball surrounded by data platforms and statistical interface panels.]]></media:description>                                                            <media:text><![CDATA[Data privacy concept image showing digitized human eyeball surrounded by data platforms and statistical interface panels.]]></media:text>
                                <media:title type="plain"><![CDATA[Data privacy concept image showing digitized human eyeball surrounded by data platforms and statistical interface panels.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ChVns2sZRm8ohNECYxRrPh-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Enterprises are shaking up their approach to data privacy and governance, new research shows, largely due to added risk factors created by <a href="https://www.itpro.com/technology/artificial-intelligence/large-enterprises-could-be-wavering-on-ai-adoption">AI adoption</a>.</p><p>According to Cisco's 2026 <em>Data and Privacy Benchmark Study</em>, nearly all companies are expanding privacy programs and governance frameworks to protect their data. </p><p>AI is the main reason for 90%, with 93% saying they planned further investment to keep up with the complexity of AI systems and the expectations of customers and regulators. </p><p>The survey found that 38% spent at least $5 million on their privacy programs in the past year – marking a dramatic increase from just 14% who spent over that threshold in 2024. </p><p>Notably, these programs appear to be working well. An overwhelming 96% of organizations reported that robust privacy frameworks were helping unlock AI agility and innovation, and 95% said privacy was essential for building customer trust in AI-powered services.</p><p>One interesting change spotted by the researchers is that trust is no longer just a question of meeting regulatory requirements. </p><p><a href="https://www.itpro.com/security/data-protection/fears-over-ai-model-collapse-are-fueling-a-shift-to-zero-trust-data-governance-strategies">Data governance</a> is now seen as a strategic business enabler, with 99% of organizations reporting at least one tangible benefit from their privacy initiatives, such as enhanced agility, innovation, and greater customer loyalty. </p><p>Almost half said that clear communication about how data is collected and used is the most effective way to build customer confidence.</p><p>As a result, governance is evolving – although many organizations are still working to define and establish the structures they need to manage AI responsibly.</p><p>While three-quarters report having a dedicated AI governance body in place, only 12% describe it as mature. Meanwhile, 65% of organizations struggle to access relevant, high-quality data efficiently.</p><p>"<a href="https://www.itpro.com/strategy/28181/what-is-ai">AI </a>is forcing a fundamental shift in the data landscape, calling for holistic governance of all data – both personal and non-personal,” said Jen Yokoyama, senior vice president, legal innovation and strategy, at Cisco. </p><p>“Organizations must deeply understand and structure their data to ensure every automated decision is explainable. It’s not just for compliance, but a necessary scaling engine for AI innovation.”</p><h2 id="data-requirements-are-causing-headaches">Data requirements are causing headaches</h2><p>While 72% of respondents were generally positive about data privacy laws, there is a growing push to streamline and update data requirements, Cisco found.</p><p>Just over eight-in-ten organizations surveyed face heightened demand for data localization and global data complexity - and 85% said this adds cost, complexity, and risk to cross-border service delivery. #</p><p>Similarly, 77% report these requirements limit their ability to offer seamless 24/7 service across markets.</p><p>On top of this, the assumption that locally stored data is inherently more secure is gradually eroding, from 90% in 2025 to 86% in 2026.</p><p>“To capture the potential of AI, organizations (83%) are advocating for a shift toward harmonized international standards,” said Harvey Jang, Cisco vice president and chief privacy officer. </p><p>“They recognize that global consistency is an economic necessity to ensure data can flow securely while maintaining the high standards of protection required for trust.”</p><p>Cisco said enterprises should invest in robust data infrastructure, prioritizing transparency, and embedding security and privacy throughout AI initiatives. </p><p>Elsewhere, they should make sure they're making informed decisions about data localization, establish strong <a href="https://www.itpro.com/technology/artificial-intelligence/organizations-face-ticking-timebomb-over-ai-governance">AI governance</a>, and kit out their teams with comprehensive training and safeguards. </p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Security updates for Windows 7 finally end, users urged to upgrade ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/operating-systems/microsoft-windows/369820/security-updates-windows-7-finally-end-users-urged-to-upgrade</link>
                                                                            <description>
                            <![CDATA[ Users have been urged to update to more modern operating systems, such as Windows 10 or 11 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gEej7nsN43BCAi7NaKoARU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YkTwmxGBG6o7HWeSAyFWLF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 09 Jan 2023 12:10:24 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YkTwmxGBG6o7HWeSAyFWLF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Windows (start menu) key on a keyboard]]></media:description>                                                            <media:text><![CDATA[The Windows (start menu) key on a keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[The Windows (start menu) key on a keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YkTwmxGBG6o7HWeSAyFWLF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has announced it plans to cease security updates for Windows 7 beginning Tuesday 10 January. </p><p>The move will see users of Windows 7 Professional and Enterprise editions go without vital security protections unless they switch to a more recent operating system (OS), the company confirmed in a recent <a href="https://support.microsoft.com/en-us/office/windows-7-end-of-support-and-office-78f20fab-b57b-44d7-8368-06a8493f3cb9">update</a>. </p><p>In addition, the company confirmed that <a href="https://support.microsoft.com/en-us/office/windows-8-and-windows-8-1-end-of-support-and-office-34e28be4-1e4f-4928-b210-3f45d8215595#:~:text=Important%3A,their%20end%20of%20support%20dates.">support</a> for Windows 8.1 will also end on Tuesday. </p><p>Microsoft officially discontinued support for <a href="https://www.itpro.com/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7" data-original-url="https://www.itpro.com/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7">Windows 7</a> in January 2020. However, customers still using the legacy operating system were granted some security provisions as part of the company’s Extended Security Update (ESU) programme. </p><p>A key factor in continuing security support, Microsoft revealed at the time, was to provide users with “additional time” to transition from Windows 7 to supported operating systems such as <a href="https://www.itpro.com/operating-systems/microsoft-windows/369564/windows-11-tips-and-tricks-for-working-professionals" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/369564/windows-11-tips-and-tricks-for-working-professionals">Windows 11</a>. </p><p>“But, during that time, as long as the device is still running Windows 7, Microsoft 365 won’t receive any new features updates,” the firm said. </p><p>The tech giant said that in order to “maintain the reliability and stability” of devices, it strongly recommends users upgrade to more modern PCs capable of running Windows 11. </p><p>Users can upgrade to Windows 10 as an alternative. However, the tech giant warned that support for this OS will end in October 2025. </p><p>“Most Windows 7 devices will not meet the hardware requirements for upgrading to Windows 11, as an alternative, compatible Windows 7 PCs can be upgraded to Windows 10 by purchasing and installing a full version of the software,” Microsoft said. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="eNyWocwZkU6AFRW4cbpF2B" name="eNyWocwZkU6AFRW4cbpF2B.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/eNyWocwZkU6AFRW4cbpF2B.png" mos="https://cdn.mos.cms.futurecdn.net/eNyWocwZkU6AFRW4cbpF2B.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Getting board-level buy-in for security strategy</strong></p><p class="fancy-box__body-text">Why cyber security needs to be a board-level issue</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/369454/getting-board-level-buy-in-for-security-strategy" data-original-url="/security/cyber-security/369454/getting-board-level-buy-in-for-security-strategy">FREE DOWNLOAD</a></p></div></div><p>“Before investing in a <a href="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them" data-original-url="https://www.itpro.com/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them">Windows 10</a> upgrade, please consider that Windows 10 will reach its end of support date on 14 October 2025.” </p><p>Windows 7 officially launched in October 2009 and the operating system still caters to a significant global user base. </p><p>At present, the OS runs on around <a href="https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide">11% of all Windows systems</a> globally. Reports from January 2021 suggested that Windows 7 was still used on nearly 100 million devices, highlighting its <a href="https://www.itpro.com/operating-systems/microsoft-windows/367423/windows-11-has-fewer-users-than-both-windows-7-and" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/367423/windows-11-has-fewer-users-than-both-windows-7-and">popularity</a> despite the series of more modern options available to users. </p><h2 id="security-considerations">Security considerations </h2><p>Joey Stanford, VP of privacy and security at Platform.sh, said the end-of-life (EoL) announcement has been long-awaited and as such, businesses should view upgrades as imperative to prevent security risks. </p><p>“While it might feel like an easy option to ignore the announcement, any system left operating on Windows 8 exposes a business to a significant amount of risk,” he said. </p><p>“In August 2020, the FBI issued a warning to the private industry that cyber criminals were specifically targeting Windows 7 systems following its end of support. Ignoring the EoL date isn’t an option,” Stanford added. </p><h2 id="counting-the-cost-of-upgrades">Counting the cost of upgrades </h2><p>While Microsoft advises businesses to upgrade devices as frequently as possible, Stanford warned there are inherent burdens associated with this process, including the potential costs of upgrading. </p><p>"It’s not a simple case of 'auto-update' for everyone,” he said. “Those late to the party will be forced to bypass Windows 10 and go straight to 11, a much newer and more expensive OS that some won’t have the hardware to support.” </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/operating-systems/microsoft-windows/369757/windows-10-blue-screen-of-death-patch-tuesday-updates" data-original-url="/operating-systems/microsoft-windows/369757/windows-10-blue-screen-of-death-patch-tuesday-updates">Windows 10 users encounter ‘blue screen of death’ after latest Patch Tuesday update</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/operating-systems/microsoft-windows/369564/windows-11-tips-and-tricks-for-working-professionals" data-original-url="/operating-systems/microsoft-windows/369564/windows-11-tips-and-tricks-for-working-professionals">Windows 11 tips and tricks for IT professionals</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/software/368934/how-to-check-if-your-pc-is-compatible-with-windows-11" data-original-url="/software/368934/how-to-check-if-your-pc-is-compatible-with-windows-11">How to check if your PC is compatible with Windows 11</a></p></div></div><p>“Unfortunately, many businesses still have a heavy reliance on legacy systems including those that operate in the industrial industry and banking sector. These industries put their digital faith in systems that struggle to be updated and can’t handle being switched off for updates. Without a plan for EoL this can become a big security risk.” </p><p>A recommended approach for businesses to curtail costs when <a href="https://www.itpro.com/operating-systems/microsoft-windows/369237/should-your-business-upgrade-to-windows-11" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/369237/should-your-business-upgrade-to-windows-11">upgrading to Windows 11</a> is to upgrade in waves or plan to commit budgets towards future upgrades. </p><p>This does vary depending on the number of machines businesses run and the current spec of devices, however. </p><p>To assess upgrade readiness, <a href="https://learn.microsoft.com/en-us/windows/whats-new/windows-11-plan?ranMID=24542&ranEAID=kXQk6*ivFEQ&ranSiteID=kXQk6.ivFEQ-qlvjTmOyzueeDYyVK79WfQ&epi=kXQk6.ivFEQ-qlvjTmOyzueeDYyVK79WfQ&irgwc=1&OCID=AID2200057_aff_7593_1243925&tduid=(ir__yyn3oarvhwkfbmjv2v1addolhm2xcsicdtjjatbd00)(7593)(1243925)(kXQk6.ivFEQ-qlvjTmOyzueeDYyVK79WfQ)()&irclickid=_yyn3oarvhwkfbmjv2v1addolhm2xcsicdtjjatbd00">Microsoft’s Endpoint Manager</a> allows businesses to better understand how compatible the organisation is when embarking on upgrades. </p><p>The Endpoint Manager tool provides users with insights into which devices meet Windows 11 hardware requirements </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Ensuring compliance with the National Bioengineered Food Disclosure Standard (NBFDS) ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/software/digitisation/369554/ensuring-compliance-with-the-national-bioengineered-food-disclosure</link>
                                                                            <description>
                            <![CDATA[ How food manufacturers can enhance traceability with technology to be compliant ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qf3t3sQBxU7mt9hjw23RS5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VBtZu7riCanJhjvD9XdBuU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 21 Nov 2022 15:21:35 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VBtZu7riCanJhjvD9XdBuU-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with image of lady selecting a jar of pasta from a shelf]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with image of lady selecting a jar of pasta from a shelf]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with image of lady selecting a jar of pasta from a shelf]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VBtZu7riCanJhjvD9XdBuU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Bioengineered food is food that contains genetically modified material, and soon food manufacturers will be required to inform customers if their products contain any, through labels and display signage.</p><p>The National Bioengineered Food Disclosure Standard (NBFDS) is a mandatory requirement as of the beginning of 2022, and this whitepaper shares the key points of NBFDS for food manufacturers and its impact, as well as the technologies that can support the industry to be NBFDS compliant.</p><p>Download this paper now to learn the solutions manufacturers, ingredient suppliers and retailers can implement now.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kzUt7F4NdiYHGaza5FVuw7" name="" alt="Sage logo" src="https://cdn.mos.cms.futurecdn.net/kzUt7F4NdiYHGaza5FVuw7.png" mos="https://cdn.mos.cms.futurecdn.net/kzUt7F4NdiYHGaza5FVuw7.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="high" data-lazy-src="https://dennis.cvtr.io/forms/49883/sage-q4?locale=1&p=false&wp=10531"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Death of the tick mark ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/data-governance/368135/death-of-the-tick-mark</link>
                                                                            <description>
                            <![CDATA[ How to prevent internal audit becoming obsolete ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5LVvReSf1pRMbdZoBLLddV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9N4bQ9sjXRDaa3JaZz7rdc-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Jun 2022 13:12:03 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Big Data]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/9N4bQ9sjXRDaa3JaZz7rdc-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with image of a hand holding a pen over a tick list]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with image of a hand holding a pen over a tick list]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with image of a hand holding a pen over a tick list]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9N4bQ9sjXRDaa3JaZz7rdc-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Auditing is an independent consulting activity, intended to help organisations improve their operations, as it evaluates ways to improve risk management. However within the technology industry, auditors are being replaced by automation, and with CFOs looking to reduce spending, the function of audit and compliance could become obsolete.</p><p>The audit process needs to change for the better, and with emerging technology, there’s great potential for auditing to adapt and drive real value in relation to data analytics and risk management monitoring.</p><p>Download this whitepaper to learn where audit technology is headed, and what it means for your organisation.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49676/diligent-fy22-risk-and-compliance?locale=1&p=false&wp=9650"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nine steps to IT audit readiness ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business-strategy/risk-management/368132/nine-steps-to-it-audit-readiness</link>
                                                                            <description>
                            <![CDATA[ How technology can help win back your time and reduce IT risk ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">o7HnY8K9jA4yme5KvGmpLz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zoqTYfttWyamiHY8XhBKKN-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Jun 2022 13:05:03 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Business Strategy]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/zoqTYfttWyamiHY8XhBKKN-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with image of female employee wearing glasses reflected in a screen of data graphs]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with image of female employee wearing glasses reflected in a screen of data graphs]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with image of female employee wearing glasses reflected in a screen of data graphs]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zoqTYfttWyamiHY8XhBKKN-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>In today’s hybrid working world, with the increased number of devices, data and systems, the risk to global IT is significant, making the regulatory environment more complex.</p><p>With IT leaders facing more challenges than ever before, the differing regulations and compliance frameworks means a vast amount of work for an often resource-limited team. But being able to get to a stage of IT compliance, ready for audit, is achievable with the right technology.</p><p>Download this whitepaper to understand the key components when it comes to being IT audit-ready - including process, technology, and people - with clear steps to follow, ensuring your business gets there.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49676/diligent-fy22-risk-and-compliance?locale=1&p=false&wp=9647"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ KRI basics for IT governance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business-strategy/risk-management/368130/kri-basics-for-it-governance</link>
                                                                            <description>
                            <![CDATA[ How information technology & information security can implement this crucial part of risk management ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dyR9hTBF75c6rKs1YphLew</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/artk5m3dxh2auzw8iwrhAe-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Jun 2022 12:44:30 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Business Strategy]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/artk5m3dxh2auzw8iwrhAe-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with worker holding a tablet and looking at a server]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with worker holding a tablet and looking at a server]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with worker holding a tablet and looking at a server]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/artk5m3dxh2auzw8iwrhAe-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Key risk indicators (KRIs) can help predict adverse events that may impact your organisation and are widely considered an essential part of good governance. These indicators link to a range of operational risk-management activities and processes, making them especially beneficial as metrics of changes in a company’s risk profile.</p><p>Here, you’ll learn how to implement, manage and maintain KRIs within your IT department:</p><ul><li>Choosing appropriate KRIs can benefit your organisation</li><li>Examples of effective KRIs</li><li>KRIs/KRI selection worksheet</li><li>Implementing automated reporting</li></ul><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49676/diligent-fy22-risk-and-compliance?locale=1&p=false&wp=9407"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google claims US government is too reliant on unsecure Microsoft products ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/367279/google-says-us-gov-too-reliant-on-microsoft-security</link>
                                                                            <description>
                            <![CDATA[ The tech giant suggested it might be time for the government to rethink its approach to procurement ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3HE8ZP81qaHyhGL5ogrduD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UXQm92a6enaRTk62tRkRkf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 Apr 2022 10:43:58 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ncLkbsDMZ6b76Lc5iS6mZh.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UXQm92a6enaRTk62tRkRkf-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[US flag outside Congress]]></media:description>                                                            <media:text><![CDATA[US flag outside Congress]]></media:text>
                                <media:title type="plain"><![CDATA[US flag outside Congress]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UXQm92a6enaRTk62tRkRkf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Google has called on the US government to rethink its practice of favouring Microsoft technology when procuring technology, accusing the company of having a reputation for cyber security vulnerabilities and poor user perception.</p><p>Repeated <a href="https://www.itpro.com/security/28196/the-cybersecurity-skills-your-business-needs" target="_blank" data-original-url="https://www.itpro.com/security/28196/the-cybersecurity-skills-your-business-needs">cyber security</a> breaches on US government systems have interrupted vital work and cost the taxpayer billions of dollars, said Google Cloud’s Jeanette Manfra, senior director of Global Risk and Compliance in a blog post.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/collaboration/360830/microsoft-teams-google-workspace-battle-narrative" data-original-url="/business-strategy/collaboration/360830/microsoft-teams-google-workspace-battle-narrative">Google and Microsoft's hybrid work battle shows the narrative is just as important as the technology</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/360440/google-microsoft-fight-over-documents-in-antitrust-lawsuit" data-original-url="/business/policy-legislation/360440/google-microsoft-fight-over-documents-in-antitrust-lawsuit">Google, Microsoft fight over documents in antitrust lawsuit</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/public-cloud/359287/microsoft-signs-new-deal-with-uk-government" data-original-url="/cloud/public-cloud/359287/microsoft-signs-new-deal-with-uk-government">UK gov agrees new three-year cloud deal with Microsoft</a></p></div></div><p>Manfra, who has spent 20 years in the public sector, most recently as the head of the Cybersecurity and Infrastructure Security Agency (CISA)’s cyber security division, claimed that the government was at a disadvantage due to its approach to procurement, and an over reliance on Microsoft products.</p><p>She pointed to a recent Google poll of 2,600 US government workers, which found that the majority of those surveyed reported being “very” concerned about cyber attacks against their employers in the coming years. Most of those surveyed (80%) also said that the recent attacks, like the <a href="https://www.itpro.com/security/cyber-attacks/361144/the-it-pro-podcast-behind-the-scenes-of-the-solarwinds-hack" target="_blank" data-original-url="https://www.itpro.com/security/cyber-attacks/361144/the-it-pro-podcast-behind-the-scenes-of-the-solarwinds-hack">SolarWinds</a> breach, has them concerned about their <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures" target="_blank" data-original-url="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">personal data</a> and privacy, and that of their family members.</p><p>Results also showed a lack of satisfaction with legacy software, with over 50% of government workers stating that there are other products or services that could help them do their jobs better.</p><p>According to Google's data, around 84% of D.C. metro government employees primarily use Microsoft products at work, including Word, Outlook, Teams, and OneDrive. This is confirmed by another recent study by <a href="https://omdia.tech.informa.com/-/media/tech/omdia/marketing/commissioned-research/pdfs/the-case-for-vendor-diversity-the-need-for-change-in-government-technology-and-procurement-practices.pdf?rev=0b250c31616c43549937d2c07832afdc" target="_blank">Omdia</a> which found 85% of government employees use Microsoft productivity software.</p><p>“This reliance on a single software suite might suggest that these products are safe and secure, but the Public Opinion Strategies survey found that more than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyber attacks,” said Manfra.</p><p>However, a <a href="https://www.itpro.com/cloud/cloud-security/361958/google-drive-most-malware-downloads-2021" target="_blank" data-original-url="https://www.itpro.com/cloud/cloud-security/361958/google-drive-most-malware-downloads-2021">US Senate report released last August</a> detailed that seven out of eight federal agencies had failed to protect critical data due to inadequate cyber security policies, rather than problems with their systems. It stated that most agencies failed to install security patches quickly enough, and warned that at least seven out of the eight agencies are still using legacy systems that have reached end of life, and no longer receive vendor security patches.</p><p>When survey respondents were asked why their employers used Microsoft services, 45% said the reason was because their employer has always used those products and services and doesn’t want to change, while 55% said because they are the most effective at helping them to do their job.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="NhMQzdZrFWPUNLGH4vbCi8" name="NhMQzdZrFWPUNLGH4vbCi8.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/NhMQzdZrFWPUNLGH4vbCi8.png" mos="https://cdn.mos.cms.futurecdn.net/NhMQzdZrFWPUNLGH4vbCi8.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>The state of SD-WAN, SASE and zero trust security architectures</strong></p><p class="fancy-box__body-text">Be a leader in the deployment of zero trust, SD-WAN and SASE</p><p class="fancy-box__body-text">FREE DOWNLOAD</p></div></div><p>Manfra said that with so many respondents reporting they're dissatisfied with their legacy IT solutions, it may be time for the government to rethink its approach to procurement.</p><p>“As governments work to meet the demands and preferences of their constituents—and their employees—it’s clear that there’s an overreliance on legacy solutions, despite a track record of cyber security vulnerabilities and poor user perception,” she added.</p><p><em>IT Pro</em> has contacted Microsoft for comment.</p><p>Despite the tech giant criticising Microsoft for its cyber security, it isn't immune to these kinds of threats either. In February, it had to resolve a <a href="https://www.itpro.com/mobile/google-android/362216/google-patches-critical-android-12-security-flaws" target="_blank" data-original-url="https://www.itpro.com/mobile/google-android/362216/google-patches-critical-android-12-security-flaws">critical security flaw</a> in Android 12 with its February 2022 Android security update. In the same month, the company had to release another wave of patches for <a href="http://Google%20has%20released%20a%20fresh%20wave%20of%20patches%20for%20seven%20high-severity%20security%20issues%20affecting%20Google%20Chrome,%20including%20one%20zero-day%20vulnerability%20under%20active%20exploitation." target="_blank">seven high-severity issues affecting Chrome</a>, including one zero-day vulnerability being actively exploited.</p><p>A report highlighted in January that <a href="https://www.itpro.com/cloud/cloud-security/361958/google-drive-most-malware-downloads-2021" target="_blank" data-original-url="https://www.itpro.com/cloud/cloud-security/361958/google-drive-most-malware-downloads-2021">Google Drive accounted for the most malware downloads</a> in 2021, taking the top spot from Microsoft OneDrive. It accounted for 37% of all malicious downloads last year, while OneDrive fell to second place with 20% of downloads.</p><p>Google Cloud also revealed in November last year that <a href="https://www.itpro.com/cloud/cloud-computing/361672/hacked-google-cloud-platform-instances-are-riddled-with-cryptominers" target="_blank" data-original-url="https://www.itpro.com/cloud/cloud-computing/361672/hacked-google-cloud-platform-instances-are-riddled-with-cryptominers">86% of compromised Google Cloud Platform</a> instances in 2021 led to cryptocurrency miners being dropped into customers' environments. Its customers were heavily targeted by attackers who were attempting to leverage the high levels of compute available to them without having to pay for it.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The IT Pro Podcast: Do we need AI regulation? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/technology/artificial-intelligence-ai/367275/the-it-pro-podcast-do-we-need-ai-regulation</link>
                                                                            <description>
                            <![CDATA[ The debate around the value of development guardrails is growing increasingly heated ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">a6V8HnFSqTrKRiXVbPGxvM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QShD9fofRWNxqF973yE2vk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 Apr 2022 06:30:12 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Artificial Intelligence]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QShD9fofRWNxqF973yE2vk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IT Pro Podcast Thumbnail Image: Do we need AI regulation?]]></media:description>                                                            <media:text><![CDATA[IT Pro Podcast Thumbnail Image: Do we need AI regulation?]]></media:text>
                                <media:title type="plain"><![CDATA[IT Pro Podcast Thumbnail Image: Do we need AI regulation?]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QShD9fofRWNxqF973yE2vk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>In the modern world, AI is everywhere, powering a variety of applications from enterprise business intelligence tools to sorting through photos of our pets. But as the technology becomes more and more widespread, concerns have been raised about the potential dangers that could be posed by unrestrained AI development. </p><p>Calls have been intensifying from campaigners seeking guardrails on how AI systems are developed, and the kind of use-cases they’re applied to, with opponents arguing that legislation governing AI development would only stifle innovation. Joining us this week to discuss the feasibility of AI regulation, the need for AI codes of practice and the responsibility of organisations to ensure ethical development is Cindi Howson, chief data strategy officer for analytics software vendor ThoughtSpot.</p><iframe frameborder="0" height="350px" width="100%" data-lazy-priority="low" data-lazy-src="https://widget.spreaker.com/player?episode_id=49267622&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=false&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true&color=ffe019"></iframe><h2 id="highlights">Highlights</h2><p>"So one of the hot buttons in AI is really facial recognition. There are some issues, let's say, also with financial services and discrimination there. So if we think about some of the broad-based AI; facial recognition. Where we do not want it is we do not ever want to arrest somebody based on a match, a potential match, of a photo scanned from somebody walking down the street. That's invasive, it's a violation of privacy. And the degree of accuracy is not high enough, particularly with minority communities or people with darker skin tones."</p><p>"I mean, again, financial services. Let's take this: if you train your data, going too far back - and I lived in Switzerland for eight years married to a Brit. Because I was married, I was not allowed to have my own bank account. This is twenty five years ago. So if you trained your model on historical data going back 25 years, well, I'm going to look like a big credit risk, a bigger credit risk. So this is a problem. Now, a woman knows this rule deeply. If I only have male developers working on this, then I may not even think, Oh, wait, if I go too far back, that data is biased."</p><p>"So the first question, how do we stay on top of this, it has to be education. And education, not just for the data professionals, and the AI professionals, it is up to every citizen to understand the good of AI and the bad."</p><p><em>Read the full transcript <a href="https://www.itpro.com/technology/artificial-intelligence-ai/367274/podcast-transcript-do-we-need-ai-regulation" data-original-url="https://www.itpro.com//technology/artificial-intelligence-ai/367274/podcast-transcript-do-we-need-ai-regulation">here</a>.</em></p><h2 id="footnotes">Footnotes</h2><ul><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/34792/apple-co-founder-wozniak-echoes-sexist-apple-card" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/34792/apple-co-founder-wozniak-echoes-sexist-apple-card">Apple co-founder Wozniak echoes sexist Apple Card allegations</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/354824/how-to-spot-if-not-fix-algorithmic-bias" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/354824/how-to-spot-if-not-fix-algorithmic-bias">How to spot – if not fix – algorithmic bias</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/361691/uk-gov-launches-algorithmic-transparency-standard" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/361691/uk-gov-launches-algorithmic-transparency-standard">Industry "delighted" with UK's 'landmark' anti-bias AI standard</a></li><li><a href="https://www.itpro.com/data-insights/30212/what-is-an-algorithm" data-original-url="https://www.itpro.com/data-insights/30212/what-is-an-algorithm">What is an algorithm?</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/355756/do-we-need-an-algorithm-police" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/355756/do-we-need-an-algorithm-police">Do we need an algorithm police?</a></li><li><a href="https://www.itpro.com/business-operations/business-management/361100/facebook-algorithm-put-profit-before-public-safety" data-original-url="https://www.itpro.com/business-operations/business-management/361100/facebook-algorithm-put-profit-before-public-safety">Facebook put "profit before public safety" with algorithm change</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/356792/the-a-level-results-crisis-has-once-again-shown-the" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/356792/the-a-level-results-crisis-has-once-again-shown-the">The A-level results crisis has once again shown the limits of AI</a></li><li><a href="https://www.itpro.com/technology/machine-learning/357173/twitter-open-sourcing-ai-algorithm-to-scour-for-biases" data-original-url="https://www.itpro.com/technology/machine-learning/357173/twitter-open-sourcing-ai-algorithm-to-scour-for-biases">Twitter to make AI algorithm open source to scour for biases</a></li><li>What is AI?</li><li><a href="https://www.itpro.com/strategy/29848/is-artificial-intelligence-safe" data-original-url="https://www.itpro.com/strategy/29848/is-artificial-intelligence-safe">Is artificial intelligence safe?</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/362082/building-an-ai-superpower-does-the-uk-stand-a-chance" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/362082/building-an-ai-superpower-does-the-uk-stand-a-chance">Building an AI superpower: Does the UK stand a chance?</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/362255/idc-expects-spending-on-ai-to-increase-by-a-fifth-in" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/362255/idc-expects-spending-on-ai-to-increase-by-a-fifth-in">IDC expects spending on AI to increase by a fifth in 2022</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/362215/how-to-monetise-ai-for-better-business-outcomes" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/362215/how-to-monetise-ai-for-better-business-outcomes">How to monetise AI for better business outcomes</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/362104/fujitsu-to-establish-ai-ethics-and-governance-office" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/362104/fujitsu-to-establish-ai-ethics-and-governance-office">Fujitsu to establish AI Ethics and Governance Office</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/359289/ec-unveils-new-draft-ai-regulations" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/359289/ec-unveils-new-draft-ai-regulations">EU proposes strict regulations to curb AI misuse</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/361871/most-uk-businesses-say-data-regulations-stifle-ai" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/361871/most-uk-businesses-say-data-regulations-stifle-ai">Most UK businesses say data regulations are stifling AI innovation</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence-ai/361223/uk-gov-urged-to-protect-right-to-review-ai-decisions" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/361223/uk-gov-urged-to-protect-right-to-review-ai-decisions">UK gov urged to protect human right to review AI decisions</a></li></ul><h2 id="subscribe">Subscribe</h2><ul><li><a href="https://apple.sjv.io/c/221109/473657/7613?subId1=itpro-gb-1243831151189624600&sharedId=itpro-gb&u=https%3A%2F%2Fpodcasts.apple.com%2Fgb%2Fpodcast%2Fthe-itpro-podcast%2Fid1483810154">Subscribe to The IT Pro Podcast on Apple Podcasts</a></li><li><a href="https://podcasts.google.com/?feed=aHR0cHM6Ly9pdHByb3BvZGNhc3QubGlic3luLmNvbS9yc3M">Subscribe to The IT Pro Podcast on Google Podcasts</a></li><li><a href="https://open.spotify.com/show/7HpYehTy752KmtbwpOAgRZ">Subscribe to The IT Pro Podcast on Spotify</a></li><li><a href="https://www.itpro.com/newsletter-signup" data-original-url="https://www.itpro.com/newsletter-signup">Subscribe to the IT Pro newsletter</a></li><li><a href="https://www.itpro.com/magazine-signup" data-original-url="https://www.itpro.com/magazine-signup">Subscribe to IT Pro 20/20</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Podcast transcript: Do we need AI regulation? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/technology/artificial-intelligence-ai/367274/podcast-transcript-do-we-need-ai-regulation</link>
                                                                            <description>
                            <![CDATA[ Read the full transcript for this episode of the IT Pro Podcast ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">h4wWrH79gV1XbwA3sZvmx8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SeHmMMxB69hRY2xhctWxyk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 Apr 2022 06:30:07 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Artificial Intelligence]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SeHmMMxB69hRY2xhctWxyk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Podcast transcript: Do we need AI regulation?]]></media:description>                                                            <media:text><![CDATA[Podcast transcript: Do we need AI regulation?]]></media:text>
                                <media:title type="plain"><![CDATA[Podcast transcript: Do we need AI regulation?]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SeHmMMxB69hRY2xhctWxyk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><em>This automatically-generated transcript is taken from the IT Pro Podcast episode ‘Do we need AI regulation?'. To listen to the full episode,</em> <a href="https://www.itpro.com/technology/artificial-intelligence-ai/367275/the-it-pro-podcast-do-we-need-ai-regulation" data-original-url="https://www.itpro.com//technology/artificial-intelligence-ai/367275/the-it-pro-podcast-do-we-need-ai-regulation"><em>click here</em></a><em>. We apologise for any errors.</em></p><h3 class="article-body__section" id="section-adam-shepherd"><span>Adam Shepherd</span></h3><p>Hi, I'm Adam Shepherd. </p><h3 class="article-body__section" id="section-sabina-weston"><span>Sabina Weston </span></h3><p>And I'm Sabina Weston.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>And you're listening to the IT Pro Podcast where this week we're examining the area of AI regulation.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>The AI industry has been going from strength to strength over the past several years, with machine learning technology becoming increasingly widely available to businesses, along with a stream of breakthroughs in research and development. However, this explosion of AI capabilities has also brought its share of problems.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>Questions of model transparency, implicit bias and ethical deployments have frequently been levelled at efforts in this space. And numerous campaigners have called for governments to introduce legislation, which will place greater controls on the development and implementation of AI systems.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>Joining us this week to discuss the issue of AI regulation, whether it's necessary and how it might be implemented without stifling innovation is Cindi Howson, chief data strategy officer for analytics software vendor ThoughtSpot. Cindi, great to have you on the show.</p><h3 class="article-body__section" id="section-cindi-howson"><span>Cindi Howson </span></h3><p>Great to be here, Sabina, and Adam.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So Cindi, can you tell us a little bit about what ThoughtSpot does?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Sure. So ThoughtSpot is the modern analytics cloud platform. We use search and AI-driven insights to allow people to find the meaningful insights in their data. Within the context of AI, we would call this more narrow AI. And yet still trust and transparency is very important. So if we generate an insight using AI, we also will give the users full transparency over the inputs. So if gender was an input, or postcode, things like this, and users can choose to remove those variables from the input to the AI.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So Cindi, what is the current state of AI legislation?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Well, I think you'd have to put some boundaries on that down to the city-country world region. You know it. So it really does vary. I would say there's not strict regulation per country. In the UK, it's more about innovation. There's a lot of ideas and proposals out there. But getting very precise, is something banned. That is more the exception.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So it's kind of quite fragmented at the moment.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, fragmented and inconsistent. But in its early days, let's say.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So what's the impact of that? Do you think from the perspective of building and deploying AI technologies?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Right now, in terms of building and deploying? I don't think there is a big impact. If you think about the technology providers working on AI systems, what they want from regulation is a level playing field. But they do not want innovation stifled. what citizens want is all the good that AI can bring. And I don't think we talk about that enough. I think there's still a lot of fear about AI. And that is where we need informed regulation.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>That's a very interesting subject here, because, on one hand, this regulation is needed. But I remember I remember covering research in December 2021, which found that 70% of UK businesses, well, the majority of UK businesses in that study said about data regulation was stifling AI innovation. And many, like 70% needed more information to help them navigate this very complex legal requirements surrounding especially data collection and use to vent sort of like to be used in artificial intelligence. And how do you see that, especially in the, in the market at the moment?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Well, I mean, so So let's parse that a little bit. And you also talked about the data collection, which then we need data to build AI. And this is actually where the problems start because we do not have enough of a recognition that all data is biased. And let's also take some examples. So one of the hot buttons in AI is really facial recognition. There are some issues, let's say also with financial services and discrimination there. So if we think about some of the broad based AI facial recognition where we do not want it is we do not ever want to arrest somebody based on a match, a potential match of a photo scanned from somebody walking down the street. That's invasive, it's a violation of privacy. And the degree of accuracy is not high enough, particularly with minority communities or people with darker skin tones. So we don't want that. But I will also say when I visit the UK, I love the facial recognition at London Heathrow Airport, you know, the lines there have gone from two hours to about five minutes to immigrate. I love the way AI facial recognition is being used to rescue children from human trafficking. So this is the good of AI. But we need to separate it from when it can be used to unintentionally harm and create bias at scale, really.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So what role do you think legislation can play in helping to, I guess put in guardrails for that kind of that kind of potentially harmful use case that you've touched on?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yeah, so I see legislation in general, as just the moral minimum company should be better than legislation. Legislation is, in a way, a reaction when companies have not behaved in the best interests of the citizens and sometimes their stakeholders. So maybe in the rush to get an algorithm out there. They didn't do all the vetting of what was the data used to train the model. And again, we have to go back to all data is biased, and how do we overcome that? We need it to be explainable, not to the point that you're revealing intellectual property, but more that the human interpreting the AI model can say, oh, I can see where this would be a problem. And so the regulation is the moral minimum companies have to be more proactive on these other aspects.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>How do we get companies to be more proactive? Because it seems like they, it would be great to assume that they follow, you know, they are better than for roles, but unfortunately, we've seen when in many cases, but they really do take advantage of any potential loophole. And especially in you know, in relation to data collection, or even, you know, full on, full on the scraping from, you know, social media, you know, any, for facial recognition usage. We've seen a lot of abuses of, of data, I think privacy, what I call it data privacy requirements, or data protection. My question is basically, what can we do to get companies to actually behave themselves and restrict regulation?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>How do we make well, companies don't want, again, companies want regulation only to the extent that it levels the playing field. But what's also not helpful is if a company has invested so much in AI and bringing a product or an algorithm to market, let's look at the Apple Pay and the credit card. And then they found out afterwards, oh, wait a minute. There's some biases in here. Why is the woman who earns the higher salary, better credit score, getting a lower credit, than her husband, is what happened in that situation? So once a company has invested in an AI application, that's almost a little too late. So we need education. So it has to be a multifaceted approach. And this is where I think it has to be education of both the customers or people that benefit from the AI. And so that's us, the citizens. It also has to be the people building the models. And I was very discouraged to read a data point from a McKinsey survey, that even the best in class companies, only 36% of the best companies that AI leaders, as McKinsey dubs them proactively looks for biases in their data. And that's where a lot of the problems start. So this is really an education of the AI and data science community. And then it really has to be conversations with a broader range, a more diverse set of stakeholders, the customers as well as the company providing it, as well as community watchdog groups in the UK, I follow the work of Big Brother UK. So academia I think has a role to play here. This point of diversity is a very pernicious problem, because unless we have diverse developers working on these AI models, it's the unintended outcomes and the unintentional bias the questions that you did not think to ask</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>it's unknown unknowns, right? Yeah, yeah.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>I mean, again, financial services. Let's take this: if you train your data, going too far back, and I lived in Switzerland for eight years married to a Brit, because I was married, I was not allowed to have my own bank account. This is five years ago right now. So if you trained your model on historical data going back 25 years, well, I'm going to look like a big credit risk, a bigger credit risk. So this is a problem. Now, a woman knows this rule deeply. If I only have male developers working on this, then I may not even think, Oh, wait, if I go too far back, that data is biased.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>I think we especially see it with, like you said earlier minorities, but a lot of algorism, especially in facial recognition are trained on white faces, on the Caucasian faces. And yeah, I think the biggest problem is about a lot of the times when it comes to facial recognition software it classes. Black women as men, it doesn't seem agenda for black people a lot of times. And, and yeah, it just stems from like, maybe not complete, like, like a very big like problem of diversity issues in the tech industry. This is what basically showcases Yeah,</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>yeah, Sabina. It's the diversity of the data. It's the training data. So this is where I do think synthetic data may help with some of these things. This is still early days in the industry, but there are some companies working on this. But it's then so you only have so much data available. So recognise that the data is biased account for that in the model development, and then reveal the limitations. So this is also where AI on its own. We're not We're not ready for that it's human plus AI. So use the facial recognition, or whatever use the algorithm to inform your research your decision, but then it has to be ai plus the human using both.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So just to bring it back to the question of legislation, then we've talked a lot about the knowledge side of things and making sure that you're asking the right questions. When you're building an algorithm or an AI system, which a lot of organisations currently aren't doing. Do you think then this is an argument for imposing, if you like, due diligence requirements on companies that are looking to build AI systems?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, and this is where I think so regulation is almost just, you don't want it to be so precise that it renders AI useless, and people will stay out of the market. You want regulation to protect those who might be harmed from AI. And so having guidance is saying it should never just be an AI only decision, whether it's in criminal sentencing, or there was again, a mistake about something about who could get certain retirement benefits in one school system. And so you want the AI regulation to prohibit that. Now, can we get so precise to say there has to be a degree of transparency or Explainable AI to say what the inputs were to a particular model. I think that's good. I think that degree of regulation does not invade somebody's IP, or encroach on somebody's intellectual property. But once you start saying you have to share the full code, then then you can forget it.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>But I think there's, before you get to that stage, even I think there's an argument for saying in the way that you know, you have things like Know Your Customer regulations, I think there's an argument for saying, Okay, if you want to implement an AI system, if you want to even, you know, build an AI or machine learning driven system, these are the questions that you need to be able to demonstrate that you have asked internally, before you start putting pen to paper with the with the code, you know, you need to have, you need to have asked, you know, where are we getting our data from? Is it as unbiased as can be reasonably expected? You know, what are the, you know, what the range of applications that we're looking to put this AI system to? Are there any unintended consequences that this could potentially have? And asking those kinds of questions before you start on a project? You know, we've heard from multiple sources throughout the industry is how you build robust and beneficial AI models.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, and I think your point, so doing this early in the process should be something that companies are doing, regardless of regulation. Now, if you want to tell them, they have to do it, fine. But then I would also get more prescriptive and say, Who is the contrarian reviewing the unintended consequences? If you look at what happened with Timnit, at Google, she was and one of the leading AI researchers, she spoke out against some potential harm from some of the AI. And we still don't know the full details but was fired. So then being a contrarian, and an employee is difficult. Having a contrarian from a marginalised group who is brainstorming, and identifying the unintended consequences, again, is a best practice, should it be regulated? Possibly.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>When it comes to the self regulation, what do you think about companies such as Fujitsu, for example, establishing their own AI, like governance offices, we've seen that on the in late January this year. So that was only a few weeks ago, really about that Fujitsu established its AI ethics and governance office. What do you think about companies taking the steps to sort of like establishing their own sort of like, self regulation? Office like that?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>I think it's a great idea. I think all companies should be doing this and doing this proactively. But again, I would want to know, what is the composition of that AI ethics review board? How diverse is it? Both in terms of the professionals, and also the who are the groups that may benefit from the AI? And who might be potentially harmed from the AI? You need to have both as part of that? This is almost where at one point I wrote about, should we have just like, there's for doctors, a Hippocratic Oath, should there really be for AI builders a kind of oath or do no harm?</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>At the very least that kind of code of practice?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, yes. And and, you know, recently, I had an interesting conversation with the chief data officer at a company on the data chief podcast. And we were talking about how it's really a failure of the data science education system, where the developers are rewarded, and academia rewards them for how much their model improved, and they are not paying enough attention of what was the training data set. And given that I come from a data background, to me that is the root of so many problems. And so we have a disconnect between AI developers, data science professionals, and data professionals. That really feeds the AI models.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>What it kind of comes back to a lot for me, is there really isn't any oversight of AI, specifically in the way that there is for other elements of technology. I mean, in the UK, for example, we have the Information Commissioner's Office that looks into things like data breaches, and you know, data protection and all of that kind of stuff, which overlaps with AI in a lot of cases. But I think there is a strong argument for having an organisation like that, that is specifically focused on kind of ensuring and enforcing and advising on AI best practice, because it's, it's not going away, and it's only going to get more influential.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, so some of these best practices I see are coming out from different regulating and governing bodies. So they are just guidelines, the degree that practitioners are aware of them and follow them vary. So for example, under in the US, under the Trump administration, it was much more hands off, there was the federal data strategy that had aI recommendations and guide guidelines in there. Under the Biden administration, there is more coming out from the OSTP, the Office of Science and Technology. And and we once again, have a US chief data scientist, we did not have that here in the last four years. So but all of these are frameworks, they're frameworks. They're not required practices.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>They're not binding in any way. Exactly.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>Yeah, I think in the EU, we're seeing regulation come out, which is actually legally binding. And is basically we'll see for implementation of fines, like, which are very similar to how the GDPR fines work. But this will be basically used, as, you know, fines for abusing artificial intelligence. misuses? Yeah, well, yeah.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>And this is where I just think we kind of put the cart before the horse here. So because again, most of where AI goes wrong, was unintentional. So we can say, and I, if I remember correctly, it's 6 million euros, or sorry, 6% of turnover, or 30 million euros, whichever amount is higher. Now, defining the harm here, and where did it go wrong? Was it really the model? Or is it how somebody used the model? If it's a self driving car that killed somebody, and it was a decision between hitting a tree or hitting a little old lady crossing the street? And yet the car manufacturer or the person developing the AI that drives that car, If they said, you know, it's never recommended that you put it in self drive mode in a neighbourhood, Well, who's really at fault here? Who's really involved?</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>Yeah, well, there's a change in that I think there's supposed to be another like changing law about this. Because technically, I think that changing the way sort of like have a responsibility of the so called driver of the car, but it's technically not a driver anymore, it's, I think there's going to be like, the person in the car can be sort of like they'll have due to the car being self driving. But that driver has less of an authority then, than what we saw in previous sort of like in normal car models. So again, it's like, the waste of like, the law has to constantly be updated. How do we stay sort of, like on top of, you know, technology being developed? And how many, you know, and how often should we review these laws really?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>So the first question, how do we stay on top of this, it has to be education. And education, not just for the data professionals, and the AI professionals, it is up to every citizen to understand the good of AI and the bad. You know, the same thing is true with GDPR. GDPR is Europe-led here, California came out with CCPA later, but your blood here really is a way of protecting the individual's data privacy, but there were some negative consequences in that it's harder to get personalised recommendations like I want that loyalty coupon or what have you. So every citizen has to Be educated about this. And if I can make a recommendation I think of in the analytics industry, a groundbreaking book was Moneyball and later made into a movie. To me, every family should watch the documentary coded bias, that details some, it's on Netflix.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>I really liked it.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yeah. And it is it doesn't get so deep that you'll get lost in the technology. The other one would, would maybe also be the social dilemma. Now I would like a more balanced view, because I want people to understand the good of AI, whether it's again, the human trafficking or just look on your phone, look at your pictures on your phone, and filter by cat or dogs. See what you get. I thought it was hysterical. I was I was looking for is we recently had Pi Day 3.14. I think in the UK, it's it's 22.7 is your day for this. But I was looking for photos of pies and a picture of a stuffed bear came up a stuffed animal. Okay, but AI was not working there. But I don't think every citizen understands enough of what AI really is. They think it's just some mysterious thing that tech companies have invented. And yet data is part of our everyday lives. AI is part of our everyday lives. It is what allows you to order an Uber, it is what allows you to immigrate faster. When going into different countries.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>on that basic level is predictive text, right. I mean, that's something that everyone is familiar with. predictive text essentially, is a very basic form of AI.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Yes, yeah. And, and even so, so think of all the good I mean, AI is being used to expedite cancer recognition. This is huge. So I think of AI, it is the best of times, and the worst of times, and if we do not get this right, and to me, regulation is an afterthought. It's a moral minimum. We have to have this multifaceted approach, education of the professionals, but also the citizens. What do you want? What do you want AI to do for you? And what do you not want it to do? So a lot of times, we're just not being proactive about the potential harm, and in the risk for profit, and the race. And let's also keep in mind, this is not just a single country race, this is a global race. So this is where we want regulation to level the playing field to protect people who might be harmed. But we do not want it to stifle innovation, because there are countries that are less ethical about this, that will develop AI faster, and we do not want that.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>So with that in mind then, although specific regulation isn't yet eminent companies can still ensure that they're approaching the topic responsibly and developing this technology in a safe way that's going to provide actual benefit. What would your top tips be for ethical AI development?</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>The first one is Sabina mentioned, have a review board, make AI ethics core to your data science and AI programme. And make sure that you have some external stakeholders there, the contrarians and the people, not only who will benefit from it, but who may be harmed from it. The other big thing is education. Recognising where bias starts, and just acknowledging that all data is biased that alone is not something that we have enough recognition about.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>Well, I'm afraid that's all we've got time for on this week's show. But thanks once again to ThoughtSpot’s Cindi Howsen for joining us.</p><h3 class="article-body__section" id="section-cindi"><span>Cindi </span></h3><p>Thank you, Adam and Sabina, it's been lovely.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>You can find links to all of the topics we've spoken about today in the show notes, and even more on our website: itpro.co.uk.</p><h3 class="article-body__section" id="section-adam"><span>Adam </span></h3><p>You can also follow us on social media as well as subscribe to our daily newsletter.</p><h3 class="article-body__section" id="section-sabina"><span>Sabina </span></h3><p>We'll be back next week with more analysis from the world of it but until then, goodbye. </p><h3 class="article-body__section" id="section-adam"><span>Adam</span></h3><p>Bye.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Uber secures 30-month licence to operate in London ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/367225/tfl-grants-uber-30-month-licence-london</link>
                                                                            <description>
                            <![CDATA[ This comes after a regulatory battle between Uber and TfL dating back to 2017 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xqkEtb1NaZooiETZDz78z9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 28 Mar 2022 09:21:46 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ncLkbsDMZ6b76Lc5iS6mZh.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Uber app open on a smartphone held by a hand]]></media:description>                                                            <media:text><![CDATA[The Uber app open on a smartphone held by a hand]]></media:text>
                                <media:title type="plain"><![CDATA[The Uber app open on a smartphone held by a hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Uber has been granted a 30-month licence to operate private hire vehicles in London.</p><p>The ride-hailing company confirmed in a tweet that it had secured a two-and-a-half-year licence from Transport for London (TfL), adding that TfL rightly holds its industry to the highest <a href="https://www.itpro.com/business/policy-legislation/355856/what-is-anticipatory-regulation" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/355856/what-is-anticipatory-regulation">regulatory</a> and safety standards and it is pleased to have met their high bar.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/357260/uber-wins-london-license-plugging-it-gaps" data-original-url="/business/policy-legislation/357260/uber-wins-london-license-plugging-it-gaps">Uber wins license to operate in London after ‘plugging IT gaps’</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/357116/uber-claims-its-makes-london-safer-in-tfl-licence-battle" data-original-url="/business/policy-legislation/357116/uber-claims-its-makes-london-safer-in-tfl-licence-battle">Uber claims it makes London "safer" in TfL licence battle</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london" data-original-url="/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london">Uber denied licence to operate in London</a></p></div></div><p>The company said that as it continues to serve in London, it remains focused on raising industry standards in all areas. This includes offering drivers the benefits and protections they deserve, ensuring all Londoners can get around safely and becoming a fully electric platform by 2025.</p><p>"Uber has been granted a London private hire vehicle operator’s licence for a period of two and a half years," a TfL spokesperson told <em>IT Pro</em>.</p><p>Uber has had to fight for a licence to operate in London over the past few years. In 2017, TfL <a href="https://www.itpro.com/it-legislation/29544/uber-not-fit-and-proper-to-run-in-london-tfl-decides" target="_blank" data-original-url="https://www.itpro.com/it-legislation/29544/uber-not-fit-and-proper-to-run-in-london-tfl-decides">said it wouldn’t issue Uber</a> a private hire operator licence, stating that the company wasn’t fit and proper to hold one. </p><p>Then, in June 2018, <a href="https://www.itpro.com/policy-legislation/31366/uber-granted-a-15-month-licence-to-operate-in-london" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/31366/uber-granted-a-15-month-licence-to-operate-in-london">Uber was granted a 15-month probationary licence</a> following a two-day hearing in London. The judge said the company was considered fit and proper to hold a licence, after hearing of the sweeping operational changes it had made since TfL chose not to renew its licence the prior year. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="6u4bhND7qJARukeDS8iBvC" name="6u4bhND7qJARukeDS8iBvC.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/6u4bhND7qJARukeDS8iBvC.png" mos="https://cdn.mos.cms.futurecdn.net/6u4bhND7qJARukeDS8iBvC.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Moving forward in a work from anywhere world</strong></p><p class="fancy-box__body-text">A gorilla guide</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/remote-access/362252/moving-forward-in-a-work-from-anywhere-world" data-original-url="/mobile/remote-access/362252/moving-forward-in-a-work-from-anywhere-world">FREE DOWNLOAD</a></p></div></div><p>However, in <a href="https://www.itpro.com/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london">November 2019 it lost its licence to operate once again</a>, with authorities saying it wasn’t a fit and proper operator. Authorities recognised it had made a number of positive changes and improvements but wasn’t enough to satisfy safety officials.</p><p>Finally, in September 2020, <a href="https://www.itpro.com/business/policy-legislation/357260/uber-wins-london-license-plugging-it-gaps" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/357260/uber-wins-london-license-plugging-it-gaps">it won a licence to operate in London after plugging IT gaps</a>. It made changes to its systems and internal processes, including the addition of software tools and more automation. This was enough to satisfy Westminster magistrates court, who ruled in favour of Uber after TfL refused to give the company a licence extension.</p><p>Uber securing a 30-month licence comes after the Supreme Court in the UK ruled that Uber drivers must be treated as workers instead of self-employed, which could lead tp minimum wage and holiday pay for thousands of Uber drivers. The Supreme Court said the ride-hailing company has to consider its drivers as workers from the time they log on to the app until they log off.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Over half of London councils lack cyber insurance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/365761/london-councils-lack-cyber-insurance</link>
                                                                            <description>
                            <![CDATA[ One council representative called the cyber insurance market “very challenging” ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cPVcaE2peTcgzirVoLPHoX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jEcgjwrxDgkjXfaDBqsrBL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Mar 2022 11:24:24 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ncLkbsDMZ6b76Lc5iS6mZh.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jEcgjwrxDgkjXfaDBqsrBL-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A shield with a keyhole on a radar system denoting cyber security]]></media:description>                                                            <media:text><![CDATA[A shield with a keyhole on a radar system denoting cyber security]]></media:text>
                                <media:title type="plain"><![CDATA[A shield with a keyhole on a radar system denoting cyber security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jEcgjwrxDgkjXfaDBqsrBL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>17 London councils don’t have a <a href="https://www.itpro.com/security/cyber-crime" target="_blank" data-original-url="https://www.itpro.com/search/cyber%20insurance">cyber insurance</a> policy in place to provide support in the event of a <a href="https://www.itpro.com/security/cyber-security/364042/cyber-attacks-against-the-bbc-increase-35-in-two-years" target="_blank" data-original-url="https://www.itpro.com/security/cyber-security/364042/cyber-attacks-against-the-bbc-increase-35-in-two-years">cyber attack on their IT systems</a>.</p><p>That's according to cyber security firm ProLion, which sent Freedom of Information (FOI) requests to each of London’s 32 borough councils plus the City of London in December 2021. In their responses, 17 local authorities admitted they are not properly insured against the risk of a cyber incident.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/361099/cyber-security-and-insurance-companies-evolving-with-the-threat-of-ransomware" data-original-url="/security/cyber-security/361099/cyber-security-and-insurance-companies-evolving-with-the-threat-of-ransomware">How are cyber security and insurance companies evolving with the threat of ransomware?</a> Amazon to offer cyber insurance to UK SMBs <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/360131/cyber-insurance-premiums-increased-by-a-third-in-the-last-12-months" data-original-url="/security/cyber-security/360131/cyber-insurance-premiums-increased-by-a-third-in-the-last-12-months">Cyber insurance premiums increased by a third in the last 12 months</a></p></div></div><p>What's more, five councils refused to say whether or not they have in <a href="https://www.itpro.com/security/cyber-security/361099/cyber-security-and-insurance-companies-evolving-with-the-threat-of-ransomware" target="_blank" data-original-url="https://www.itpro.com/security/cyber-security/361099/cyber-security-and-insurance-companies-evolving-with-the-threat-of-ransomware">place a cyber insurance policy</a>, citing Section 31 of the Freedom of Information Act which exempts the disclosure of information that could “prejudice the prevention or detection of crime”.</p><p>One council said that disclosing the information relating to cyber insurance could lead to an increased risk by encouraging an attack, said ProLion. Other councils stated that the disclosure of such information would give cyber criminals insight into possible vulnerabilities, or embolden them to attack those most at risk.</p><p>Eight councils were ambiguous or unclear in their response to the FOI, while three councils didn’t respond to the request at all.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="yPTxiHXTa3TryGiia9DSw4" name="yPTxiHXTa3TryGiia9DSw4.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/yPTxiHXTa3TryGiia9DSw4.png" mos="https://cdn.mos.cms.futurecdn.net/yPTxiHXTa3TryGiia9DSw4.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Improve security and compliance</strong></p><p class="fancy-box__body-text">Adopting an effective security and compliance risk management approach</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/365337/improve-security-and-compliance" data-original-url="/security/365337/improve-security-and-compliance">FREE DOWNLOAD</a></p></div></div><p>“<a href="https://www.itpro.com/security/28084/what-is-ransomware" target="_blank" data-original-url="https://www.itpro.com/security/28084/what-is-ransomware">Ransomware</a> attacks have continued to rapidly grow both in frequency and sophistication,” said Steve Arlin, VP Sales in UK, Americas & APAC at ProLion. “The situation demanded action a long time ago, and the issue is now so large that businesses can’t afford to be reactive in their approach to cybersecurity.”</p><p>ProLion pointed out that organisations of all sizes and sectors are viable targets for opportunistic cyber criminals. However, the public sector is likely to hold more sensitive data, including council tax, medical records, and financial information. “This might explain why they are a preferred target and more likely to pay any ransom demands,” stated the company.</p><p>Arlin added that for organisations like borough councils, the risk of large volumes of sensitive personal data falling into the wrong hands means that it could face huge UK GDPR related fines as a result.</p><p>ProLion also found that the research provided insights on councils’ approach to cyber security. One representative for a council said that they discovered the cyber insurance market to be very challenging and therefore difficult to obtain competitive quotations. They added that they are currently looking at both insurance and a cyber consultancy review, including self-assessments as a solution to their cyber risks.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ DC AG launches algorithmic bias bill  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/361816/dc-ag-launches-algorithmic-bias-bill</link>
                                                                            <description>
                            <![CDATA[ Law would levy $10,000 per infection for algorithmic bias ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">67MYfqhRaKP9YjdboDgPfv</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XYPpdAAFhapCfYibWPyk8J-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 10 Dec 2021 16:05:26 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XYPpdAAFhapCfYibWPyk8J-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Graphical representation of bias being present in tech systems]]></media:description>                                                            <media:text><![CDATA[Graphical representation of bias being present in tech systems]]></media:text>
                                <media:title type="plain"><![CDATA[Graphical representation of bias being present in tech systems]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XYPpdAAFhapCfYibWPyk8J-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>DC Attorney General Karl A Racine has proposed legislation that would prevent <a href="https://www.itpro.com/technology/artificial-intelligence-ai/361255/trusted-ai-a-guide-to-building-fair-and-unbiased-ai" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/361255/trusted-ai-a-guide-to-building-fair-and-unbiased-ai">algorithmic discrimination</a>. The Stop Discrimination by Algorithms Act (SDAA) would prevent companies from making automated decisions that discriminate against marginalized groups in the District. </p><p>The Center of Privacy and Technology and Communications and Technology Law Clinic (both part of Georgetown University Law Center) helped draft the bill, in conjunction with civil rights nonprofit Color of Change. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="TBVxw5vtHxwvYZnuChnh2M" name="TBVxw5vtHxwvYZnuChnh2M.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/TBVxw5vtHxwvYZnuChnh2M.png" mos="https://cdn.mos.cms.futurecdn.net/TBVxw5vtHxwvYZnuChnh2M.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Are you ready for the hybrid workplace?</strong></p><p class="fancy-box__body-text">Invest in headsets and webcams to drive worker productivity</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/flexible-working/361698/are-you-ready-for-the-hybrid-workplace" data-original-url="/business-strategy/flexible-working/361698/are-you-ready-for-the-hybrid-workplace">FREE DOWNLOAD</a></p></div></div><p>The Act forbids discrimination by algorithms that make decisions about credit, education, housing, employment, and public services. Companies must also inform individuals about how they use algorithms to make those decisions. </p><p>Organizations must document how they build their algorithms and how they make decisions. They must file annual audit reports with the Attorney General in which they <a href="https://www.itpro.com/technology/artificial-intelligence-ai/354824/how-to-spot-if-not-fix-algorithmic-bias" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/354824/how-to-spot-if-not-fix-algorithmic-bias">check their algorithms for discrimination</a>. </p><p>The proposed legislation comes with teeth, as the it allows the Attorney General to penalize companies that violate the rules by up to $10,000 per violation. It also permits private lawsuits. </p><p>The <a href="https://oag.dc.gov/sites/default/files/2021-12/DC-Bill-SDAA-FINAL-to-file-.pdf">text</a> of the bill warned that algorithmic decision-making systems that don't account for bias can harm marginalized groups. "Despite their prevalence and the potential problems they pose, algorithms are poorly understood by most individuals, in part because of the many entities involved and the lack of accountability among those entities," it said. </p><p>The move prompted support from organizations and individuals including Timnit Gebru, the AI researcher who <a href="https://www.itpro.com/technology/artificial-intelligence-ai/358027/google-ai-scientist-hits-back-after-firing" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/358027/google-ai-scientist-hits-back-after-firing">complained</a> that Google silenced her concerns about its AI algorithms. </p><p>"At this point it should be clear that multinational corporations will not self regulate," said the scientist, who this month launched the Distributed Artificial Intelligence Research Institute. "To the contrary, they push out people with the slightest criticism of their proliferation of harmful systems. Without laws requiring companies to assess the potential for discriminatory impact of their algorithms, what they do instead is eject people like me who attempt to do that internally, even though this was literally in my job description." </p><p>The proposed legislation mirrors efforts at the federal level. In 2019, Democrats introduced an Algorithmic Accountability Act that would have pressed the Federal Trade Commission to create rules for assessing bias in automated systems. In May this year, Democrats tried again with the Algorithmic Justice and Online Platform Transparency Act of 2021. </p><p>The FTC has already <a href="https://www.itpro.com/technology/artificial-intelligence-ai/359298/ftc-warns-companies-to-use-ai-responsibly" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/359298/ftc-warns-companies-to-use-ai-responsibly">warned</a> organizations to use AI responsibly, threatening potential action for those that fail to do so. It has issued <a href="https://www.ftc.gov/news-events/blogs/business-blog/2020/04/using-artificial-intelligence-algorithms">guidance</a> for companies to follow.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A buyer’s guide to board management software ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business-operations/project-management-software/361796/a-buyers-guide-to-board-management-software</link>
                                                                            <description>
                            <![CDATA[ Improve your board’s performance ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hXtEvEuYNWQokWjPJ1TJxg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/otFNKjhiU6YqBGDkFCN9hh-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Dec 2021 15:08:03 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/otFNKjhiU6YqBGDkFCN9hh-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with photo of someone using a tablet]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with photo of someone using a tablet]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with photo of someone using a tablet]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/otFNKjhiU6YqBGDkFCN9hh-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>To truly be effective, today’s boards need to keep pace with new technologies, security threats, and economic developments. Board management software can drive efficiency and collaboration, while remaining secure and adoptable across the organisation.</p><p>When evaluating board management software providers, it’s critical to find a solution that provides a streamlined, secure experience not just for board members, but anyone else who will be using it. </p><p>Download this whitepaper to learn how the right board management software can:</p><ul><li>Increase efficiency & streamline communications</li><li>Improve security</li><li>Save time and money</li><li>And practice better governance</li></ul><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>.</p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49474/diligent-corporation-form?locale=1&p=false&wp=8109"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Outlook 2022: Five priorities for boards, management & governance professionals ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/it-governance/361795/outlook-2022-five-priorities-for-boards-management</link>
                                                                            <description>
                            <![CDATA[ What’s driving the future of governance ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kuZxitzkN2UCZ7cKbY3WKu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AwiTQbKokghduC3fiCJVd7-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Dec 2021 14:45:04 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/AwiTQbKokghduC3fiCJVd7-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with business woman in a checked dress holding some papers]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with business woman in a checked dress holding some papers]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with business woman in a checked dress holding some papers]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AwiTQbKokghduC3fiCJVd7-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As businesses undergo changes in the new post-pandemic world of work in order to stay operational, as well as resilient, these changes are also driven by stakeholders demanding more.</p><p>There is an increase in focus on environmental, social and governance (ESG) factors today and as organisations look ahead to next year’s strategy, they need to incorporate sustainable and flexible governance practices in order to be more informed, secure and goal-focussed.</p><p>Download this guide to understand five key focus areas that business leaders need to consider as they plan their governance and compliance practices for the coming year.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49474/diligent-corporation-form?locale=1&p=false&wp=8108"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Modern governance: The how-to guide ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/it-governance/361792/modern-governance-the-how-to-guide</link>
                                                                            <description>
                            <![CDATA[ Equipping organisations with the right tools for business resilience ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cjz4fexkozCZv4jy6L4nN3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/twFQWGnpSuXfswsCrh4NE4-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Dec 2021 14:32:02 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Digital Transformation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/twFQWGnpSuXfswsCrh4NE4-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with solid red vertical line, and the title and Diligent logo]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with solid red vertical line, and the title and Diligent logo]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with solid red vertical line, and the title and Diligent logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/twFQWGnpSuXfswsCrh4NE4-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Modern technology is evolving just as fast as the business landscape and to stay ahead, organisations need to remain informed, protected, collaborative and goal-focussed in real time and in all situations. </p><p>Having modern governance can enable your business to remain productive while progressing with your digital transformation, so that you can emerge stronger than the competition.</p><p>Download this whitepaper to learn best practices and insights in:</p><ul><li>Strategy & governance</li><li>Security & collaboration</li><li>Risk & accountability</li></ul><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="UtvAeeAcF8dVU7LoiMht4J" name="" alt="Diligent logo" src="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" mos="https://cdn.mos.cms.futurecdn.net/UtvAeeAcF8dVU7LoiMht4J.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49474/diligent-corporation-form?locale=1&p=false&wp=8107"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Commerce Department creates an artificial intelligence committee  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/360840/commerce-department-creates-an-artificial-intelligence-committee</link>
                                                                            <description>
                            <![CDATA[ Committee fulfills commitments laid out under January defense bill ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">s8w6LgLetmmDaS9ipRHUS4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nzJqQp8qGXSyMWcj2Nrgs9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 09 Sep 2021 17:32:44 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/nzJqQp8qGXSyMWcj2Nrgs9-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Head with binary code inside it made to look like artificial intelligence]]></media:description>                                                            <media:text><![CDATA[Head with binary code inside it made to look like artificial intelligence]]></media:text>
                                <media:title type="plain"><![CDATA[Head with binary code inside it made to look like artificial intelligence]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nzJqQp8qGXSyMWcj2Nrgs9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The US Department of Commerce has created a committee to advise <a href="https://www.itpro.com/tag/us-government" data-original-url="https://www.itpro.com/tags/us-government">government</a> decision makers on artificial intelligence (AI)-related issues. The Department said the National Artificial Intelligence Advisory Committee (NAIAC) would advise the president and other federal agencies on the technology. </p><p>In January, the National AI Initiative Act of 2020 mandated the committee when it was passed as part of the National Defense Authorization Act. It also created a National Artificial Intelligence Initiative, which would promote US leadership in AI research and coordinate AI efforts across federal agencies. As part of the initiative, the Act <a href="https://www.itpro.com/business/policy-legislation/358312/white-house-launches-ai-initiative-office" data-original-url="https://www.itpro.com/business/policy-legislation/358312/white-house-launches-ai-initiative-office">established</a> a National AI Initiative Office (NAIIO) in the White House Office of Science and Technology Policy (OTSP). </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence-ai/357448/how-can-artificial-intelligence-help-in-the-fight-to" data-original-url="/technology/artificial-intelligence-ai/357448/how-can-artificial-intelligence-help-in-the-fight-to">How can artificial intelligence help in the fight to remain secure?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence-ai/355336/artificial-intelligence-spending-in-health-care-will" data-original-url="/technology/artificial-intelligence-ai/355336/artificial-intelligence-spending-in-health-care-will">Artificial intelligence spending in health care will see a $1.5 billion increase by 2025</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence-ai/355130/why-transparency-is-key-to-promoting-trust-in" data-original-url="/technology/artificial-intelligence-ai/355130/why-transparency-is-key-to-promoting-trust-in">Why transparency is key to promoting trust in artificial intelligence</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/data-insights/354894/how-organisations-unlock-their-data-capital-with-artificial" data-original-url="/business-strategy/data-insights/354894/how-organisations-unlock-their-data-capital-with-artificial">How organisations unlock their data capital with artificial intelligence</a></p></div></div><p>The committee has input from the secretaries of state, defense and energy; the OTSP director; the director of national intelligence; and the attorney general. </p><p>The committee's duties include reporting on progress in implementing the national AI initiative. It will also explore various issues, including equity and racial justice, US competitiveness in AI, and how AI affects the workforce. Committee members will advise how the US government can best cooperate with other countries on AI and promote accountability and legal rights. </p><p>The Department of Commerce is working with the NAIIO to recruit committee members from academia, industry, nonprofits, civil society, and federal laboratories. As an agency within the Department of Commerce, NIST will also promote <a href="https://www.itpro.com/technology/artificial-intelligence-ai/359374/taming-the-machine-ai-governance" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/359374/taming-the-machine-ai-governance">responsible AI use</a> while providing administrative support. </p><p>This work follows concerns over government competitiveness in AI and cross-agency handling of AI issues. In March, another government-commissioned group <a href="https://www.itpro.com/technology/artificial-intelligence-ai/358755/us-falling-behind-in-ai-says-national-security-report" data-original-url="https://www.itpro.com/technology/artificial-intelligence-ai/358755/us-falling-behind-in-ai-says-national-security-report">sounded the alarm</a> about the dangers to national security if the federal government didn't increase its focus on AI. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US considering 25% tariff in retaliation to UK’s digital services tax ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/359062/us-considering-25-tariff-in-retaliation-to-uks-digital-services</link>
                                                                            <description>
                            <![CDATA[ The US is mulling a new tax on UK goods such as industrial robots ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4YyrAfVN7XDXwq9TVdpj3d</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WuZCHccpXKB4uHz5GGEpSZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Mar 2021 09:17:41 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GFZtdGsYoXrkh3Jhj4ZKTc.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WuZCHccpXKB4uHz5GGEpSZ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Front of the White House at night]]></media:description>                                                            <media:text><![CDATA[Front of the White House at night]]></media:text>
                                <media:title type="plain"><![CDATA[Front of the White House at night]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WuZCHccpXKB4uHz5GGEpSZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The US is considering implementing a 25% tariff on a selection of British goods that enter the country in retaliation to the UK’s digital services tax (DST).</p><p>The goods that the tariff will affect include industrial robots, clothing and ceramics, according to a list <a href="https://ustr.gov/sites/default/files/files/Press/Releases/FRNUK.pdf" target="_blank">published by US officials</a>.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/356968/how-tech-firms-are-responding-to-the-2-digital-services-tax-dst" data-original-url="/business/policy-legislation/356968/how-tech-firms-are-responding-to-the-2-digital-services-tax-dst">How tech firms are responding to the UK's Digital Services Tax</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair" data-original-url="/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair">US to challenge UK's "unfair" Digital Services Tax</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax" data-original-url="/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax">UK may drop Digital Services Tax to smooth over US trade talks</a></p></div></div><p>The Office of the United States Trade Representative (USTR) seeks to collect duties on UK goods in the range of the amount of DST that the UK is expected to collect from US companies, which it estimates to be approximately $325 million (£236m) per year.</p><p>“The United States is committed to working with its trading partners to <a href="https://www.itpro.com/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair">resolve its concerns</a> with digital services taxes, and to addressing broader issues of international taxation,” <a href="https://ustr.gov/about-us/policy-offices/press-office/press-releases/2021/march/ustr-announces-next-steps-section-301-digital-services-taxes-investigations" target="_blank">said</a> USTR ambassador Katherine Tai.</p><p>“The United States remains committed to reaching an international consensus through the OECD process on international tax issues. However, until such a consensus is reached, we will maintain our options under the Section 301 process, including, if necessary, the imposition of tariffs.”</p><p>The UK is <a href="https://www.itpro.com/policy-legislation/32244/budget-2018-tech-sector-changes" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/32244/budget-2018-tech-sector-changes">not the only country affected</a> by this decision, as are Austria, India, Italy, Spain and Turkey who are also under consideration for the 25% tariffs on goods from their countries as they have implemented a similar DST.</p><p>The USTR has dropped its investigations against Brazil, the Czech Republic, the EU and Indonesia for now as these countries have not adopted or implemented the DSTs under consideration when the US began its investigations. It made it clear, however, that if these countries adopt or implement a DST in the future, the USTR may initiate new investigations.</p><p>A UK government spokesperson told <em>IT Pro</em> that like other countries around the world, the UK wants to make sure tech firms pay their fair share of tax. The spokesperson said the tax is “reasonable, proportionate and non-discriminatory” before revealing that it is also “<a href="https://www.itpro.com/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax">temporary</a>”.</p><p>“We’re working positively with the US and other international partners to find a global solution to this problem and will remove the DST when that is in place. Should the US proceed to implement these measures, we would consider all options to defend UK interests and industry,” added the spokesperson.</p><p>The UK <a href="https://www.itpro.com/policy-legislation/32244/budget-2018-tech-sector-changes" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/32244/budget-2018-tech-sector-changes">announced its DST</a> in October 2018, which is a 2% tax on revenues of search engines, social media platforms and online marketplaces that are profitable, and generate over £500 million per year in revenue.</p><p>The US’s plans to <a href="https://www.itpro.com/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/355897/us-says-uk-digital-services-tax-unfair">challenge the UK’s DST</a> originated in June of last year under the Trump administration, where it made it clear it would investigate all countries that are adopting this new form of tax. The US claimed that the tax schemes were “designed to unfairly target our companies.”</p><p>In August 2020, <a href="https://www.itpro.com/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/356861/uk-to-reconsider-digital-services-tax">reports emerged</a> suggesting that the UK government was considering dropping its DST to avoid any conflict with the US during its trade talks. </p><p>Furthermore, it was reported that <a href="https://www.itpro.com/business/policy-legislation/357418/amazon-dodge-uk-digital-services-tax" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/357418/amazon-dodge-uk-digital-services-tax">Amazon would not be affected by the DST</a> in the UK, but smaller traders using its online marketplace would face increased charges. This was seen as a benefit for the tech giant, which would effectively gain a price advantage on competing goods it sells directly to consumers.</p><p>Despite this, last month the <a href="https://www.itpro.com/business-strategy/public-sector/358549/amazon-tax-uk-gov-pandemic-recovery" target="_blank" data-original-url="https://www.itpro.com/business-strategy/public-sector/358549/amazon-tax-uk-gov-pandemic-recovery">UK government was considering implementing</a> an “Amazon tax” to help the country recover from the COVID pandemic. The Treasury reportedly invited tech firms and retailers to discuss a potential Online Sales Tax, following the news that Amazon’s profits skyrocketed by 51% in 2020.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ EU might force tech giants to share data with smaller rivals ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/357286/digital-services-act-eu-might-force-tech-giants-to-share-data</link>
                                                                            <description>
                            <![CDATA[ The Digital Services Act draft also suggests that firms may be banned from giving their own services preferential treatment ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cX9dPn52UbXjSJJEUpg3DJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mnJQo9YoTiNaQPHBkHcZxk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 30 Sep 2020 09:07:18 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sabina Weston ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mnJQo9YoTiNaQPHBkHcZxk-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Pedestrian walks outside of the European Commission&amp;#039;s building in Brussels, Belgium.]]></media:description>                                                            <media:text><![CDATA[Pedestrian walks outside of the European Commission&amp;#039;s building in Brussels, Belgium.]]></media:text>
                                <media:title type="plain"><![CDATA[Pedestrian walks outside of the European Commission&amp;#039;s building in Brussels, Belgium.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mnJQo9YoTiNaQPHBkHcZxk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European Union might force US tech giants such as Amazon, Facebook, and Google to share their vast collection of customer data with smaller rivals, according to a new draft of the <a href="https://www.itpro.com/policy-legislation/34075/eu-plotting-to-overhaul-rules-governing-tech-giants" data-original-url="https://www.itpro.com/policy-legislation/34075/eu-plotting-to-overhaul-rules-governing-tech-giants">Digital Services Act</a> seen by the <a href="https://www.ft.com/content/1773edd6-7f1d-4290-93b6-05965a4ff0db"><em>Financial Times</em></a>.</p><p>The new regulations, which aim to increase responsibility and liability for social media firms and the content on their platforms, are set to be proposed by the end of this year.</p><p>According to the draft, which reportedly includes 30 paragraphs of prohibitions or obligations, tech giants will be banned from using “data collected on the platform . . . for [their] own commercial activities . . . unless they [make it] accessible to business users active in the same commercial activities”.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/data-controller/357053/irish-data-watchdog-orders-facebook-to-halt-eu-user-data" data-original-url="/business-strategy/data-controller/357053/irish-data-watchdog-orders-facebook-to-halt-eu-user-data">Irish data watchdog orders Facebook to halt EU user data transfers to the US</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/safe-harbour/34529/what-is-eu-us-privacy-shield" data-original-url="/safe-harbour/34529/what-is-eu-us-privacy-shield">What is EU-US Privacy Shield?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid" data-original-url="/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">GDPR fines: How high are they, and how can you avoid them?</a></p></div></div><p>It will also prohibit the so-called ‘gatekeeper’ platforms, which are in charge of online marketplaces, from using “data received from business users for advertising services for any other purpose other than advertising service”.</p><p>The draft also suggests that tech giants will be banned from treating their own services on their sites or platforms in a preferential manner that could disadvantage rivals. Companies might be prohibited from pre-installing their own apps on hardware devices, for example.</p><p>According to the <em>FT</em>, EU legislators might also force tech giants to allow users to uninstall any pre-installed apps on devices such as smartphones and personal computers. </p><p>News of this regulation comes days after the EU internal market commissioner Thierry Breton <a href="https://www.ft.com/content/7738fdd8-e0c3-4090-8cc9-7d4b53ff3afb">told <em>the FT</em></a> that the Digital Services Act <a href="https://www.itpro.com/business/policy-legislation/357172/eu-seeks-new-regulatory-powers-against-big-tech-firms" data-original-url="https://www.itpro.com/business/policy-legislation/357172/eu-seeks-new-regulatory-powers-against-big-tech-firms">could have the power</a> to exclude large tech companies from the single market altogether. However, it is anticipated that the tech giants won’t back down without a fight.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kZDeCkgNDUR8v7tJUjkptA" name="kZDeCkgNDUR8v7tJUjkptA.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/kZDeCkgNDUR8v7tJUjkptA.jpg" mos="https://cdn.mos.cms.futurecdn.net/kZDeCkgNDUR8v7tJUjkptA.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Leading the data race</strong></p><p class="fancy-box__body-text">The trends driving the future of data science</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/data-mining/357132/leading-the-data-race" data-original-url="/data-insights/data-mining/357132/leading-the-data-race">FREE DOWNLOAD</a></p></div></div><p>Earlier this month, Google asked the European Commission to "<a href="https://www.itpro.com/business/policy-legislation/357000/digital-services-act-google-asks-european-commission-to-clarify" data-original-url="https://www.itpro.com/business/policy-legislation/357000/digital-services-act-google-asks-european-commission-to-clarify">clarify</a>" its expectations towards tech companies regarding the Digital Services Act. The firm submitted a 135 page document calling for the EC to avoid a "one-size-fits-all" approach and hit back at the legislators’ choice to label tech giants as ‘gatekeepers’.</p><p>“In certain sectors, the platform may have market power; in others, it may be a new entrant or marginal player. The digital ecosystem is extremely diverse and evolving rapidly and it would be misguided for gatekeeper designations to be evaluated by reference to the position of an entire company or corporate group,” argued Google.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Uber wins license to operate in London after ‘plugging IT gaps’  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/357260/uber-wins-london-license-plugging-it-gaps</link>
                                                                            <description>
                            <![CDATA[ The ride-hailing firm was previously in trouble for failings in the way it manages and releases software updates ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pNy5azEoPABgtefE2rq8Nv</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 28 Sep 2020 11:21:49 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Uber app open on a smartphone held by a hand]]></media:description>                                                            <media:text><![CDATA[The Uber app open on a smartphone held by a hand]]></media:text>
                                <media:title type="plain"><![CDATA[The Uber app open on a smartphone held by a hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VT7scWZuihiTZh8a2rSPaP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Changes that Uber has made to its systems and internal processes, including the addition of software tools and more automation, mean the company is now “fit and proper” to hold a license to operate in London.</p><p>Following an almost year-long regulatory process, the Westminster magistrates court has ruled in favour of Uber after Transport for London (TfL) previously refused the ride-hailing platform a license extension in November 2019. </p><p>Part of the reason for the refusal was due to breaches that put passengers at risk, including a change to Uber systems that allowed unauthorised individuals to upload photographs to legitimate drivers’ accounts.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/357116/uber-claims-its-makes-london-safer-in-tfl-licence-battle" data-original-url="/business/policy-legislation/357116/uber-claims-its-makes-london-safer-in-tfl-licence-battle">Uber claims it makes London "safer" in TfL licence battle</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/hacking/356843/former-uber-cso-charged-hack-cover-up" data-original-url="/security/hacking/356843/former-uber-cso-charged-hack-cover-up">Former Uber CSO charged for data breach cover-up</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/32443/ico-fines-uber-385000-following-its-2016-data-breach" data-original-url="/data-insights/32443/ico-fines-uber-385000-following-its-2016-data-breach">ICO fines Uber £385,000 following its 2016 data breach</a></p></div></div><p>The decision comes three years after TfL first put pressure on the company to improve its systems and its practices, declaring it was <a href="https://www.itpro.com/it-legislation/29544/uber-not-fit-and-proper-to-run-in-london-tfl-decides" data-original-url="https://www.itpro.com/it-legislation/29544/uber-not-fit-and-proper-to-run-in-london-tfl-decides">“not fit and proper to hold a private hire operator license” in September 2017</a>.</p><p>The Westminster magistrates court, however, has concluded after an examination of the evidence that changes to the way Uber operates means the company is not fit to operate in the capital. Notably, Uber has “plugged” the holes in its IT systems that have led to issues over the years, as identified by a report compiled by Cognizant.</p><p>Flaws in the release management systems that oversee how Uber’s software is updated have been addressed, according to the report commissioned in April this year, and regulatory breaches are therefore less likely to happen. In particular, Uber has increased the level of automation in these processes, improved software testing, as well as increased overall governance over releases.</p><p>“Cognizant instructed by TfL had initially found that ULL’s ITSM processes were not to appropriate standard,” said deputy chief magistrate Tan Ikram. “TfL accept that there have been subsequent changes.</p><p>“Despite their historical failings, I find them, now, to be a fit and proper person to hold a London PHV operator’s licence.”</p><p>One software issue highlighted by the ruling involved the way in which seven drivers were able to continue driving after their MOTs had expired. Uber became aware of a software issue in January 2020 that was causing this error - and implemented a fix in February. The manner in which the issue was identified and patched serves as an example of an improvement in the way Uber manages its internal processes.</p><p>The regulatory battle between Uber and TfL has taken several twists and turns since 2017, with the company handed a <a href="https://www.itpro.com/policy-legislation/31366/uber-granted-a-15-month-licence-to-operate-in-london" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/31366/uber-granted-a-15-month-licence-to-operate-in-london">15-month license to operate in London in June 2018</a>. This is after TfL ruled the ride-hailing firm shouldn’t operate due to concerns about public safety and security regarding Uber’s failure to report crimes to the police.</p><p>This license was then just <a href="https://www.itpro.com/policy-legislation/34482/ubers-london-licence-extended-by-just-two-months" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/34482/ubers-london-licence-extended-by-just-two-months">extended for two months</a> last September and was attached with conditions to ensure passenger safety. The short duration was so that TfL could closer scrutinise any additional information it was requesting ahead of future licensing decisions. </p><p>Uber’s <a href="https://www.itpro.com/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london" target="_blank" data-original-url="https://www.itpro.com/business/policy-legislation/354196/uber-denied-licence-to-operate-in-london">license to operate was then once again denied</a> in November 2019, despite the company making a host of changes to the way it operates. These changes, however, weren’t enough to convince regulators the company wouldn’t put passengers at risk.</p><p>The length of the license will be 18 months, according to various reports including that published by <a href="https://www.itv.com/news/london/2020-09-28/uber-tfl-licence-ruling-london" target="_blank"><em>ITV News</em></a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Master O365 governance, enforce security policies, and achieve regulatory compliance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/it-governance/355561/master-o365-governance-enforce-security-policies-and</link>
                                                                            <description>
                            <![CDATA[ Identify — and solve — security compliance pain points ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uNEHekyAF7Yksyeh2byVUQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6Z36gSZgfAU5p6dikazVvN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 May 2020 13:11:36 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6Z36gSZgfAU5p6dikazVvN-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6Z36gSZgfAU5p6dikazVvN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="W7uzqL3MDcYkT39Bcj3gw3" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/W7uzqL3MDcYkT39Bcj3gw3.png" mos="https://cdn.mos.cms.futurecdn.net/W7uzqL3MDcYkT39Bcj3gw3.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Top IT pros understand the value of a well-oiled IT machine that is efficient, safe, abides by compliance regulations, and fully serves the strategic business needs of the organisation through proper IT governance.</p><p>Now that Office 365 is running the productivity show, IT managers need to ensure the Microsoft cloud suite helps meet all these goals – and that means supporting true IT governance, regulatory compliance, and that O365 and its end users comply with the organisation’s security policies.</p><p>This whitepaper delves into governance as it applies to O365, exploring why it matters and how to achieve compliance, as well as offering advice on overall IT governance. </p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/coreview-q2-assets-wp?locale=1&p=false&wp=4376"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ German housing giant fined £12.5m for GDPR violations ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34776/german-housing-giant-fined-125m-for-gdpr-violations</link>
                                                                            <description>
                            <![CDATA[ The firm’s archive system held onto highly sensitive data from bank statements to health insurance records ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">s5KvQ7xNtVzart11PKQxNz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wfsFfgqvSNAyH9bZ9Rp3TL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 Nov 2019 11:54:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wfsFfgqvSNAyH9bZ9Rp3TL-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A folder labelled &amp;quot;GDPR Compliance&amp;quot; on a desk]]></media:description>                                                            <media:text><![CDATA[A folder labelled &amp;quot;GDPR Compliance&amp;quot; on a desk]]></media:text>
                                <media:title type="plain"><![CDATA[A folder labelled &amp;quot;GDPR Compliance&amp;quot; on a desk]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wfsFfgqvSNAyH9bZ9Rp3TL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>German property company Deutsche Wohnen has been hit with a staggering data protection fine for hanging onto a treasure trove of personal and financial data of former and current housing tenants.</p><p>The firm was fined 14.5 million (approximately 12.5 million) after German data protection investigators found it had been holding information in an archival system from which it was impossible to delete records.</p><p>This highly sensitive data, which belonged to former and current tenants, included salary information, extracts from employment and training contracts, tax and health insurance records, as well as bank statements.</p><p>This data was stored in the system on an indiscriminate basis, <a href="https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/pressemitteilungen/2019/20191105-PM-Bussgeld_DW.pdf" target="_blank">according to German data protection authorities</a>, and without appropriate consents. There was also no legally-defined basis for collecting and storing the data.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/30107/get-gdpr-ready" data-original-url="/general-data-protection-regulation-gdpr/30107/get-gdpr-ready">Seven steps to GDPR compliance</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/29123/gdpr-for-small-businesses-what-it-means-for-you" data-original-url="/data-protection/29123/gdpr-for-small-businesses-what-it-means-for-you">GDPR for small businesses: What it means for you</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid" data-original-url="/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">GDPR fines: How high are they, and how can you avoid them?</a></p></div></div><p>Deutsche Wohnen was found to have violated the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a> under Article 25 (1), which covers the need for businesses to ensure they're adhering to <a href="https://www.itpro.com/data-protection/28020/data-protection-principles" target="_blank" data-original-url="https://www.itpro.com/data-protection/28020/data-protection-principles">data protection principles</a> such as data minimisation. The firm also violated Article 5, which related to the core ethical principles related to processing data.</p><p>Businesses are instructed under GDPR not to keep personal data beyond the legally-established reasons they have identified, and for a period no longer than is required in order to carry out the processing.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="A6DjmyjhmeMddVtRvSekkR" name="A6DjmyjhmeMddVtRvSekkR.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/A6DjmyjhmeMddVtRvSekkR.png" mos="https://cdn.mos.cms.futurecdn.net/A6DjmyjhmeMddVtRvSekkR.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Trends in modern data protection</strong></p><p class="fancy-box__body-text">A comprehensive view of the data protection landscape</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/data-protection/354058/trends-in-modern-data-protection" data-original-url="/policy-legislation/data-protection/354058/trends-in-modern-data-protection">FREE DOWNLOAD</a></p></div></div><p>The German property firm was first warned about its archive system in 2017, according to the data regulator, and requested to change its archiving system as a matter of urgency.</p><p>Although the firm changed the archive system in March 2019, the changes still did not establish a lawful basis for storing the personal data and GDPR proceedings were launched, spanning the period between May 2018, when GDPR came into force, and this point.</p><p>The initial financial penalty was actually much higher, at roughly 28 million (24 million) based on the firm's annual turnover at more than a billion euros. <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid" target="_blank" data-original-url="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">GDPR fines</a> can fall anywhere in the order of 20 million, or up to 4% of a firm's annual turnover, depending on the severity of the violation.</p><p>This initial fine represented 2.8% of the firm's turnover but was reduced because the company had actually taken concrete steps towards correcting its data storage mechanisms, and co-operated with regulators during the process.</p><p><em>IT Pro</em> approached the property giant for its response to the GDPR fine.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How 'Brexit disruption' is giving GDS a new lease of life ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34448/how-brexit-disruption-is-giving-gds-a-new-lease-of-life</link>
                                                                            <description>
                            <![CDATA[ After years in the wilderness, the urgency of EU exit is forcing GDS to step up to the plate ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wUnBTSBQwdKc1BsjjrZoov</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2QsvSCd3NAoSLGHS8mihND-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 19 Sep 2019 13:51:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Careers and Training]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2QsvSCd3NAoSLGHS8mihND-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2QsvSCd3NAoSLGHS8mihND-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>While Brexit has proved a contentious issue for many, the organisation spearheading digital transformation within government has seen it as an opportunity to restore its ailing reputation as a prominent force.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/34447/can-the-uks-tech-sector-still-attract-investment-after-brexit" data-original-url="/business-strategy/34447/can-the-uks-tech-sector-still-attract-investment-after-brexit">Can the UK's tech sector still attract investment after Brexit?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other" data-original-url="/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other">GDPR and Brexit: How will one affect the other?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/34394/small-businesses-unprepared-for-no-deal-brexit" data-original-url="/policy-legislation/34394/small-businesses-unprepared-for-no-deal-brexit">Small businesses ‘unprepared’ for no-deal Brexit</a></p></div></div><p>It's generally seen by businesses as disruptive, but <a href="https://www.itpro.com/public-sector/28232/everything-you-need-to-know-about-gds" target="_blank" data-original-url="https://www.itpro.com/public-sector/28232/everything-you-need-to-know-about-gds">Government Digital Service (GDS)</a> is using Brexit as an "accelerator" in achieving its long-term ambitions, with the urgency of civil service preparations also ramping up digital transformation efforts in government.</p><p>Since establishing the gov.uk platform in 2012 and branching this system out to more than 2,000 domains and subdomains, GDS fell by the wayside and was effectively "gutted" three years ago. Its former chief <a href="https://www.itpro.com/strategy/29499/government-as-a-platform-is-dead-declares-former-gds-head-francis-maude" target="_blank" data-original-url="https://www.itpro.com/strategy/29499/government-as-a-platform-is-dead-declares-former-gds-head-francis-maude">Francis Maude even declared GDS all but dead</a> given the changing nature of digital transformation in the public sector.</p><h3 class="article-body__section" id="section-the-brexit-accelerator"><span>The Brexit accelerator</span></h3><p>GDS is entering a new era under the interim leadership of director general Alison Pritchard, who cited Brexit as a catalyst for the organisation's plans, with the key to these plans being data. </p><p>Where the first era for GDS was establishing a disruptive force in government, the second centred on building out the profession. This latest phase, however, involves honing functionality and improving operational capabilities.</p><p>"EU exit has been a really important accelerator towards that development and embedding of function," said Pritchard, speaking at GDS' flagship Sprint 19 conference.</p><p>"We've seen that come to pass with the operating of the function across boundaries both within the way that we work with colleagues in other departments, and nations, and also the way that other functions have worked together."</p><p>GDS sees Brexit as not just a chance to achieve its core aims quicker, but to inject fresh life into an ailing organisation by also orchestrating the way other departments are preparing for EU withdrawal.</p><p>The main priority for GDS, now, is collecting volumes of citizen data to analyse behaviour, and service government platforms with insights to provide a more intuitive and tailored experience. The idea is to offer people a seamless digital interface with the government at key moments through their lives, from births to funeral planning, with anything and everything in between like buying a house or starting a business.</p><h3 class="article-body__section" id="section-no-more-bumbling-along-39"><span>No more bumbling along'</span></h3><p>Although these aims have been in the pipeline for some time, according to the chief executive of the civil service John Manzoni, it's the desire to adapt to a volatile landscape that's bringing them forward.</p><p>"The Brexit opportunity, of course, is forcing the pace on a number of issues, and just to highlight one, the possibility for establishing a single portal through which citizens interact with government, and then joining everything up behind," said Manzoni. </p><p>"There are enormous amounts of work being done, particularly around the Brexit thing, being done at real pace; an extraordinary effort. These are some examples of how do we use what's going on in our environment today to accelerate where we really want to get to'.</p><p>"We didn't have to do that, of course, we could have done it in the old way. We could have stuck in our existing silos and we could have bumbled along. No. We've got to use these opportunities to accelerate change and be the civil service we ought to be."</p><p>Manzoni added this entire process has helped to break down the existing silos across government and bring about a more cohesive approach to digital transformation.</p><h3 class="article-body__section" id="section-breaking-down-barriers-by-creating-agile-teams"><span>Breaking down barriers by creating agile teams</span></h3><p>For now, at least, efforts have centred on ensuring departments and wider society can be as prepared as possible for any disruption caused when the UK leaves the EU. GDS has seen an opportunity to use its flagship gov.uk platform as a key plank in these efforts, with the 60-second Brexit checker tool, hosted by GDS, serving as one key example. </p><p>It's largely involved ensuring that relevant people have as much information as possible, according to GDS policy and strategy lead Lyndsay Baker and content lead Jon Sanger. Some government departments, for example, have been reminded they have responsibilities for multiple areas of policy, while by contrast, a set of multiple departments may be told of their responsibility for a single policy area.</p><p>This process has involved building agile teams that span communications, content, and policy areas, among other roles and functions, all working together and coordinated by GDS. This has led to the creation of a model for emergency planning' that can then be replicated in the future, particularly in the reams of work to be done post-EU withdrawal. </p><p>"Knowing what data and evidence is available to identify and solve problems, and running user research sessions, creates clarity on what you need to build," Sanger said. "Creating the agile, multi-disciplinary teams that use those processes means you know how to build it. </p><p>"And the important thing here is empowerment; making sure those teams have the expertise and the ability to decide what good' looks like and that their organisations will support them."</p><h3 class="article-body__section" id="section-emulating-netflix-for-smarter-public-services"><span>Emulating Netflix for smarter public services</span></h3><p>For any of GDS' aims to come to fruition, the organisation needs a rich and substantive dataset of user interactions which can be used to tailor experiences across the entire gov.uk platform to individual users. Civil servants and ministers characterise this as emulating the way Netflix and Citymapper process user data to offer a more intuitive user experience.</p><p>Although such models are considered normal, customers and users still value measures to preserve privacy and ensure their data cannot be used to micro-target them with messaging and advertising. </p><p>Alarms rang when <em>BuzzFeed News</em> reported the <a href="https://www.buzzfeed.com/alexspence/boris-johnson-dominic-cummings-voter-data" target="_blank">prime minister's most senior aide Dominic Cummings weighed in on GDS' plans</a> to gather user data and subject this to high-quality analytics. However, officials maintain there will remain a complete separation between this work to improve the service offered by the gov.uk platform and political activities.</p><p>Given and Cummings' role in the contentious Vote Leave campaign, and the political nature of Brexit, concerns have been inflamed. GDS claims the pace at which this process of <a href="https://www.itpro.com/business-intelligence/28220/what-is-data-analytics" target="_blank" data-original-url="https://www.itpro.com/business-intelligence/28220/what-is-data-analytics">data collection and analytics</a> is happening, however, is necessary as it expects hundreds of thousands, if not millions, of people to visit the government website for information in the lead up to 31 October.</p><p>"For us to understand whether people, not as individuals but on aggregate level, are taking up services that we know by virtue of the Brexit checker that they might need," Pritchard added, "we also have a need to think about the broader campaign, where there's an iterative journey to understand how prepared, for instance, businesses really are, and whether they're engaging with the services needed. </p><p>"So it's that sense of making sure we're able to refine how we are reaching the various stakeholder groups."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Heathrow Airport and NHS Digital join ICO sandbox projects ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34115/heathrow-airport-and-nhs-digital-join-ico-sandbox-projects</link>
                                                                            <description>
                            <![CDATA[ The UK regulator will oversee the development of data-reliant services to ensure GDPR compliance ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dVQiEBTMc8nnU8gaLCM4FR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ALXnFK6SGM2erwcWiQZrvJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 31 Jul 2019 10:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ALXnFK6SGM2erwcWiQZrvJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[woman clicking on keyboard with GDPR in white letters]]></media:description>                                                            <media:text><![CDATA[woman clicking on keyboard with GDPR in white letters]]></media:text>
                                <media:title type="plain"><![CDATA[woman clicking on keyboard with GDPR in white letters]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ALXnFK6SGM2erwcWiQZrvJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico" target="_blank" data-original-url="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner's Office (ICO)</a> has fired the starting gun for the pilot phase of its "regulatory sandbox", with ten data-dependent projects ranging from biometric tracking to consent management taking part in the initiative.</p><p>This scheme offers organisations an environment in which the UK data regulator will provide support and guidance as they develop innovative products and services that heavily rely on the use of personal data.</p><p>During the process, the ICO will oversee the planning and implementation of these projects to ensure they're fully compliant with the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a>. </p><p>"The ICO supports innovation in technology and exciting new uses of data, while ensuring that people's privacy and legal rights are protected," said the information commissioner, Elizabeth Denham.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/privacy/32712/eprivacy-regulation-what-is-it-and-how-does-it-affect-me" data-original-url="/privacy/32712/eprivacy-regulation-what-is-it-and-how-does-it-affect-me">ePrivacy Regulation: What is it and how does it affect me?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/34061/what-is-the-data-protection-act-2018" data-original-url="/data-protection/34061/what-is-the-data-protection-act-2018">What is the Data Protection Act 2018?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/33285/organisations-have-been-blind-to-gdpr-business" data-original-url="/general-data-protection-regulation-gdpr/33285/organisations-have-been-blind-to-gdpr-business">Organisations have been blind to GDPR “business opportunity”</a></p></div></div><p>"We have always said that privacy and innovation are not mutually exclusive and there doesn't need to be an either-or choice between the two.</p><p>"The sandbox will help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in <a href="https://www.itpro.com/data-protection/28020/data-protection-principles" target="_blank" data-original-url="https://www.itpro.com/data-protection/28020/data-protection-principles">data protection</a> at the outset."</p><p>The ICO will also use this as an opportunity to observethe industry for developments in technology and innovation, and establish both the regulatory opportunities and challenges they will generate.</p><p>The first ten pilot projects were selected from 64 applicants and are run by organisations including NHS Digital, Heathrow Airport, the Ministry of Housing and Local Government, and an authentication firm named TrustElevate.</p><p>Heathrow Airport will test its Automation of the Passenger Journey programme, which involves using facial recognition technology at each checkpoint throughout the airport from check-in to boarding gates.</p><p>NHS Digital aims to work on the design and development of a central mechanism for collecting and managing patient consents for sharing healthcare data for purposes such as medical research and clinical trials.</p><p>The Ministry of Housing Communities and Local Government, meanwhile, has partnered with the Department of Work and Pensions and Blackpool Council to match personal information controlled by various parties. This is in order to understand more about the private rented sector in Blackpool and how to improve the quality of properties.</p><p>The Greater London Authority's Violence Reduction Unit (VRU), which is also part of the project, aims to integrate various datasets, including health, social and crime data, to better understand how public health and social services can be managed to reduce crime.</p><p>The ICO first teased the sandbox last year, before <a href="https://www.itpro.com/policy-legislation/33351/icos-regulatory-sandbox-enters-beta-phase" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33351/icos-regulatory-sandbox-enters-beta-phase">opening the scheme up to applications from the end of March</a>.</p><p>The next stage will involve devising detailed plans for each project before work begins on testing the compliance of these ideas. All work is expected to be completed by September 2020, by which point these products and services will have been fully assessed.</p><p>The projects developed are expected to be fully GDPR-compliant, and run into fewer regulatory hurdles at launch.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Liberty defeated in ‘snooper’s charter’ legal challenge  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34101/liberty-defeated-in-snooper-s-charter-legal-challenge</link>
                                                                            <description>
                            <![CDATA[ High court rules the government’s Investigatory Powers Act doesn’t breach human rights ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eiVekQxt648RzPuwHMw4k1</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aSkeUjffMXVdTtw3gigp7T-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jul 2019 11:23:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aSkeUjffMXVdTtw3gigp7T-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Graphic of individuals being glared at by cameras and having their privacy invaded]]></media:description>                                                            <media:text><![CDATA[Graphic of individuals being glared at by cameras and having their privacy invaded]]></media:text>
                                <media:title type="plain"><![CDATA[Graphic of individuals being glared at by cameras and having their privacy invaded]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aSkeUjffMXVdTtw3gigp7T-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Ambitions to curb bulk data collection practices in the government's <a href="https://www.itpro.com/policy-legislation/33407/what-is-the-investigatory-powers-act-2016" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33407/what-is-the-investigatory-powers-act-2016">Investigatory Powers Act 2016 (IPA)</a> have ended in defeat as judges ruled the bill doesn't infringe on human rights.</p><p>The UK-based human rights group Liberty has expressed its disappointment after the High Court quashed its legal challenge against what's commonly dubbed the 'snooper's charter'.</p><p>The group's challenge was based on the notion that the IPA violates citizens' right to privacy and freedom of expression as outlined by Article 8 and 10 of the European Convention on Human Rights (ECHR).</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/27419/gchq-mi5-and-mi6-unlawfully-collected-data-for-over-a-decade" data-original-url="/data-protection/27419/gchq-mi5-and-mi6-unlawfully-collected-data-for-over-a-decade">GCHQ, MI5 and MI6 "unlawfully" collected data for over a decade</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/privacy/30423/government-must-be-held-to-account-over-illegal-snoopers-charter" data-original-url="/privacy/30423/government-must-be-held-to-account-over-illegal-snoopers-charter">Government 'must be held to account' over illegal Snooper's Charter</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/30964/uk-data-watchdog-calls-for-tougher-investigatory" data-original-url="/general-data-protection-regulation-gdpr/30964/uk-data-watchdog-calls-for-tougher-investigatory">UK data watchdog calls for tougher investigatory powers under GDPR</a></p></div></div><p>Lord Justice Singh and Mr Justice Holgate, however, dismissed the claim at the high court in London today, arguing there are appropriate safeguards in place to protect people against abuse of their fundamental rights.</p><p>"This disappointing judgment allows the government to continue to spy on every one of us, violating our rights to privacy and free expression," said Liberty lawyer Megan Goulding.</p><p>"We will challenge this judgment in the courts, and keep fighting for a targeted surveillance regime that respects our rights.</p><p>"These bulk surveillance powers allow the state to hoover up the messages, calls and web history of hordes of ordinary people who are not suspected of any wrong-doing.</p><p>"The Court recognised the seriousness of MI5's unlawful handling of our data, which only emerged as a result of this litigation. The security services have shown that they cannot be trusted to keep our data safe and respect our rights."</p><p>Liberty and other human rights and privacy groups have been wrangled in a legal battle with the government over the IPA since its passage through parliament.</p><p>This fight has seen the group claim a handful of victories, including a successful challenge last year against the <a href="https://www.itpro.com/privacy/31015/liberty-wins-its-first-fight-against-the-snoopers-charter" target="_blank" data-original-url="https://www.itpro.com/privacy/31015/liberty-wins-its-first-fight-against-the-snoopers-charter">government's power to force communications and internet companies to store data on UK citizens</a>.</p><p>Most recently, Liberty challenged the secrecy of the Investigatory Powers Tribunal (IPT), an independent body that judges whether GCHQ, MI5 and MI6 cyber activity remains within the scope of the law.</p><p>Previously, complaints received would lead to judgements being made in secret, but a <a href="https://www.itpro.com/policy-legislation/33655/gchq-mi5-decisions-can-now-be-challenged-in-court" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33655/gchq-mi5-decisions-can-now-be-challenged-in-court">4-3 majority on the supreme court ruled these agencies' powers be open to judicial review</a>, and openly challenged in court.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ EU plotting to overhaul rules governing tech giants ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34075/eu-plotting-to-overhaul-rules-governing-tech-giants</link>
                                                                            <description>
                            <![CDATA[ The latest crackdown against harmful content may take a more centralised shape ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qrzxCPN1iJpoeLgyXC5G7s</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qa9LbMN23tG2VgwYYU4GqR-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jul 2019 14:39:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qa9LbMN23tG2VgwYYU4GqR-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[EU commission flag]]></media:description>                                                            <media:text><![CDATA[EU commission flag]]></media:text>
                                <media:title type="plain"><![CDATA[EU commission flag]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qa9LbMN23tG2VgwYYU4GqR-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European Union (EU) has, for years, been incensed with the way social media firms have allowed harmful and illegal content to spread like wildfire across their networks. But officials in charge haven't quite settled on a concrete way of tackling this. </p><p>Guidelines proposed by the European Commission nearly two years ago <a href="https://www.itpro.com/it-regulation/29584/eu-presses-tech-firms-to-eradicate-online-hate-speech" target="_blank" data-original-url="https://www.itpro.com/it-regulation/29584/eu-presses-tech-firms-to-eradicate-online-hate-speech">suggested a voluntary approach for tech companies</a> in removing hate speech from their platforms. However, while social media sites have been digging their heels in, the threat of enforceable regulation has been growing.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33840/what-the-next-prime-minister-means-for-uk-tech" data-original-url="/policy-legislation/33840/what-the-next-prime-minister-means-for-uk-tech">Tory leadership race: Where each candidate stands on UK tech</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33968/government-clampdown-bolsters-tech-giants" data-original-url="/policy-legislation/33968/government-clampdown-bolsters-tech-giants">Government clampdown bolsters tech giants</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/machine-learning/33246/facebook-offers-insight-into-how-the-nz-shooter-video-spread" data-original-url="/machine-learning/33246/facebook-offers-insight-into-how-the-nz-shooter-video-spread">Facebook offers insight into how the NZ shooter video spread</a></p></div></div><p>In March last year, the European Commission outlined alternative plans <a href="https://www.itpro.com/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content" target="_blank" data-original-url="https://www.itpro.com/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content">giving these platforms just one hour to remove such content</a> before imposing penalties.</p><p>The latest proposals, according to <a href="https://www.ft.com/content/e9aa1ed4-ad35-11e9-8030-530adfa879c2" target="_blank"><em>the Financial Times</em></a>, involve literally rewriting the rulebook on how to engage with big tech. What's being dubbed the "Digital Services Act" is expected to give the EU a raft of legal powers to influence how social media platforms govern hate speech, extremist material and political advertising.</p><h3 class="article-body__section" id="section-a-concentration-of-power"><span>A concentration of power</span></h3><p>The European Commission's latest proposals go so far as to wrestle away control from individual member states and funnel this power into a continental regulator.</p><p><a href="https://netzpolitik.org/2019/leaked-document-eu-commission-mulls-new-law-to-regulate-online-platforms" target="_blank">According to Netz Politik</a>, the German IT publication that originally broke the story, the new laws will substitute the older e-commerce directive, which stretches back to the year 2000. These legacy regulations are, quite simply, not fit for purpose in a modern age, and don't specify how they can be tailored to apply to the tech sector.</p><p>Under these new plans, however, officials will have the opportunity to craft sharper rules to fit around all facets of modern tech like cloud computing and social media. Provisions for <a href="https://www.itpro.com/information-commissioner/33506/ico-spots-gap-in-governments-online-harms-white-paper" target="_blank" data-original-url="https://www.itpro.com/information-commissioner/33506/ico-spots-gap-in-governments-online-harms-white-paper">online political advertising</a>, especially, will have a newfound prominence given how concerned the EU has been about bad actors influencing online political discourse.</p><p>The most eye-catching aspect is certainly the creation of a new centralised EU tech regulator with enforcement powers. Where the EU's <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a> entrusted member states with statutory powers to fine organisations for violating strict <a href="https://www.itpro.com/data-protection/28020/data-protection-principles" target="_blank" data-original-url="https://www.itpro.com/data-protection/28020/data-protection-principles">data protection principles</a>, this will do the opposite.</p><p>Once the Digital Services Act comes into effect, member states will be required to repeal any domestic legislation regarding blocking content, or bring this in line with the EU's, partner with White & Case LLP Tim Hickman told <em>IT Pro.</em></p><p>"The boundary between EU law and the domestic laws in this area is complex. In particular, the proposed Digital Services Act aims to tackle the problem of hate speech.</p><p>"However, much online speech is protected by the right to freedom of expression and information, in Article 10 of the European Convention on Human Rights, a treaty that the EU does not have the power to amend."</p><p>He added domestic laws regarding freedom of expression and freedom of information fall largely outside the EU's purview. This means approaches to tackling hate speech may yet diverge from one Member State to another.</p><h3 class="article-body__section" id="section-the-brexit-factor"><span>The Brexit factor</span></h3><p>The EU's moves could potentially scupper the UK's own plans to enforce regulation of online content, subject to the outcome of the Brexit fiasco and how closely the UK and EU will be regulatorily aligned.</p><p>After months of dithering and speculation, the Department for Digital, Culture, Media and Sport (DCMS) jointly-launched proposals with the Home Office in April outlining how the government plans to tackle these very issues.</p><p>If <a href="https://www.itpro.com/policy-legislation/33408/uk-s-digital-regulator-will-fine-tech-giants-for-spreading-harmful-content" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33408/uk-s-digital-regulator-will-fine-tech-giants-for-spreading-harmful-content">proposals outlined in the "Online Harms" white paper</a> come to fruition, the government will establish a statutory regulator with powers to punish internet giants if they neglect to abide by a "duty of care". In extreme cases, the state regulator will disrupt companies' business operations and order internet service providers (ISPs) to block non-compliant digital services or apps entirely.</p><p>While the EU's plans aren't too dissimilar, under its model, proposals like these for national bodies will be overridden.</p><p>One reason for this could rest with the fact a number of member states have lately elected governments of a far-right persuasion, with Hungary and Italy being notable examples. Authorities in these countries may be less likely to be decisive on the spread of some forms of hate speech and disinformation across social media networks than this proposed legislation would require. Another reason could be that countries are simply lagging behind in the process of establishing ways of monitoring and regulating harmful content online.</p><h3 class="article-body__section" id="section-targeting-big-tech"><span>Targeting big tech</span></h3><p>These plans are nakedly aimed at companies like Facebook and Twitter, with these platforms often rampant with "fake news" and content deemed harmful.</p><p>The EU and the UK argue these companies have not been doing enough to get a handle on this issue. The likes of Facebook, Twitter and YouTube have, however, <a href="https://www.itpro.com/policy-legislation/32931/european-commission-says-tech-giants-are-more-effectively-examining-illegal" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/32931/european-commission-says-tech-giants-are-more-effectively-examining-illegal">actually shown improvements in the way they tackle harmful content</a>, with a European study published in February showing as much.</p><p>For instance, during a six-week period in 2018, 89% of flagged hate speech on platforms like Facebook, YouTube and Instagram were monitored within 24 hours, with 72% of this removed. This is in contrast to a previous study published in 2016 which revealed only 40% of flagged content was examined in the same time frame, and just 28% was removed, during the same period.</p><p>There's also the prospect that regulations in this space may disproportionately benefit a select few larger companies against the wider industry. The "Online Harms" white paper, for instance, <a href="https://www.itpro.com/policy-legislation/33968/government-clampdown-bolsters-tech-giants" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33968/government-clampdown-bolsters-tech-giants">will hit smaller companies with increased costs and penalties where larger companies can simply absorb these</a>.</p><p>"The reality is that it isn't tech companies, broadly, that the government is concerned about - it's a very small number of specific big platforms," Richard Wingfield, legal officer for Global Partners Digital, told <em>IT Pro</em>.</p><p>"But if you look at the scope of the white paper, it's about any company or platform that allows users to share or generate content that could be your local online newspaper that has a comments section, or Mumsnet, or blogging platforms.</p><p>"One of the unintended consequences is that you risk entrenching the dominance of the big platforms that are causing the government the most problems.</p><p>"If you impose these requirements on all of these smaller platforms, it makes them less likely to start-up in the first place - particularly if you have things like criminal liability for management of these companies."</p><p>The EU's own proposals are still being drafted, and are not expected to be published until at least the end of the year. Officials with the European Commission will engage with the tech sector about their plans, and are expected to assess the shortcomings of existing rules over the next few months.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Facebook’s historic $5bn FTC settlement branded a "sweetheart deal" ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/34015/facebook-s-historic-5bn-ftc-settlement-branded-a-sweetheart-deal</link>
                                                                            <description>
                            <![CDATA[ Critics worry this is a missed opportunity to change Facebook's data practices after the Cambridge Analytica scandal ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jJD9md1Ry5XeBH3AaP9nEY</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LKz9bWBZf2hJRQib9LuxFA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 15 Jul 2019 11:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LKz9bWBZf2hJRQib9LuxFA-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Facebook logo on a phone in front of a large background with Cambridge Analytica]]></media:description>                                                            <media:text><![CDATA[The Facebook logo on a phone in front of a large background with Cambridge Analytica]]></media:text>
                                <media:title type="plain"><![CDATA[The Facebook logo on a phone in front of a large background with Cambridge Analytica]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LKz9bWBZf2hJRQib9LuxFA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Federal Trade Commission (FTC) will levy a $5 billion fine against Facebook as part of a wider settlement agreed following an investigation into the Cambridge Analytica data-sharing scandal.</p><p>Subject to final approval by the US Justice Department, Facebook will face the largest financial penalty a tech firm has been handed by a government regulator for breaching data protection laws. The fine is many multiples larger than the <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/32811/france-issues-google-with-the-heaviest-gdpr-fine-to" target="_blank" data-original-url="https://www.itpro.com/general-data-protection-regulation-gdpr/32811/france-issues-google-with-the-heaviest-gdpr-fine-to">French data protection authority's 44 million fine against Google</a> earlier this year for violating the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a>, which stood as the largest fine officially levied until now.</p><p>The agreement, which was reached following months of negotiations between two parties, also sees Facebook subject to greater oversight, <a href="https://www.nytimes.com/2019/07/12/technology/facebook-ftc-fine.html" target="_blank">according to <em>the New York Times (NYT)</em></a>. But the social media giant will not be restricted in the ways it shares users' data with third-parties.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/general-data-protection-regulation-gdpr/31330/how-to-reclaim-your-data-from-google-facebook" data-original-url="/general-data-protection-regulation-gdpr/31330/how-to-reclaim-your-data-from-google-facebook">How to reclaim your data from Google, Facebook, Microsoft, Apple under GDPR</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33021/facebook-behaves-like-digital-gangsters-with-customer-data-mps-warn" data-original-url="/policy-legislation/33021/facebook-behaves-like-digital-gangsters-with-customer-data-mps-warn">Facebook behaves like "digital gangsters" with customer data, MPs warn</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/33386/third-party-facebook-app-leaked-540m-user-records-on-aws-server" data-original-url="/data-protection/33386/third-party-facebook-app-leaked-540m-user-records-on-aws-server">Third-party Facebook app leaked 540m user records on AWS server</a></p></div></div><p>Many, including <em>the Observer</em> journalist Carole Cadwalladr who initially broke the Cambridge Analytica story, have branded the settlement inadequate. Cadwalladr herself <a href="https://twitter.com/carolecadwalla/status/1149956497193021440" target="_blank">described the agreement as "a sweetheart deal"</a>, declaring that Facebook "is well and truly out of control".</p><p>The $5 billion fine represents approximately 9% of Facebook's annual turnover for 2018, <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid" target="_blank" data-original-url="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">more than double the maximum GDPR penalty</a> an EU regulator can levy against the company.</p><p>But Facebook's share price actually rose as the news broke on Friday, with investors pleased the FTC's investigation will soon conclude without spilling out into a lengthy saga that dominates newspaper headlines. Moreover, the company has cash reserves of more than $40 billion, <em>the NYT</em> claims.</p><p>The settlement was agreed by a 3-2 majority vote of the FTC's board split based on party lines, with Republicans in favour and Democrats against.</p><p>Facebook was also found to have violated a previous settlement with the FTC struck in 2011 after the firm was required to change its privacy policies following widespread criticism.</p><p>Following the launch of its investigation into Facebook's data practices in March 2018, the US regulator had been <a href="https://www.itpro.com/tag/facebook" target="_blank" data-original-url="https://www.itpro.com/privacy/33018/facebook-set-to-pay-multi-billion-dollar-fine-to-settle-us-ftc-privacy-probe">expected to levy a fine against Facebook in the region of $3 billion to $5 billion</a>. The outcome of the settlement negotiation was also previously thought to include a clause in which <a href="https://www.itpro.com/privacy/33562/facebook-could-face-ftc-oversight-as-part-of-cambridge-analytica-settlement" target="_blank" data-original-url="https://www.itpro.com/privacy/33562/facebook-could-face-ftc-oversight-as-part-of-cambridge-analytica-settlement">federally-appointed privacy executives would be injected into the highest levels of the company</a>, yet this has yet to materialise.</p><p>The UK's <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico" target="_blank" data-original-url="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner's Office (ICO)</a> previously fined Facebook 500,000 for violating the <a href="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998" target="_blank" data-original-url="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998">Data Protection Act 1998</a> in the wake of the Cambridge Analytica scandal. This was the maximum fine that could be handed to the firm under legislation that applied prior to GDPR's introduction.</p><p>Data protection authorities in the EU, meanwhile, are still probing Facebook for a handful of GDPR violations, namely the <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/33111/facebook-is-subject-to-10-major-gdpr-investigations" target="_blank" data-original-url="https://www.itpro.com/general-data-protection-regulation-gdpr/33111/facebook-is-subject-to-10-major-gdpr-investigations">Irish data regulator which is currently pursuing ten investigations against the firm</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is ISO 27001? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-governance/31712/what-is-iso-27001</link>
                                                                            <description>
                            <![CDATA[ We explain what ISO 27001 is and how it relates to IT management systems ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hRfqdPRgYzBnv4vrVzqZsQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iiB6QBechRHdboBBzRbb3d-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 11 Jul 2019 12:12:00 +0000</pubDate>                                                                                                                                <updated>Wed, 08 Apr 2020 13:29:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dale Walker ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/YhUVp3rWtcZPM5XznPeTmX.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iiB6QBechRHdboBBzRbb3d-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[security in either data protection or cyber security ]]></media:description>                                                            <media:text><![CDATA[security in either data protection or cyber security ]]></media:text>
                                <media:title type="plain"><![CDATA[security in either data protection or cyber security ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iiB6QBechRHdboBBzRbb3d-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Among the family of ISO 27000 international family of standards for IT systems is ISO 27001, which a security standard for computer systems that offer the procedures for keeping an organisation’s assets safe. </p><p>The broader family of standards refer to information security management systems, although this particular standard handles bundling a company’s security processes into a single management platform. Organisations that meet the requirements can be certified under the ISO 27001 standard by an accredited organisation after completing an audit.</p><p>ISO 27001 offers a framework which aims to maintain a company’s risk management strategy and ensure this is free of any policy gaps or security holes. The standard will help businesses find any gaps that may arise, which if left unchecked would create a risk to the organisation’s data. Implementing the standard in full would, in practice, ensure processes are put into motion that prevents such data risk in future.</p><p>The standard itself comprises a swathe of guidelines, certifications and systems required to help any business assess its internal procedures. Organisations may otherwise have to rely on separate services for handling the dynamic and multi-faceted risk to data, rather than the single unified approach which ISO 27001 offers. </p><p>Elements of a business may, for example, be identified as being high-risk, and may already have some procedures in place to ensure there are no missteps. Other areas within a business may, by contrast, pose less risk and may, therefore, have historically never been properly assessed or audited.</p><p>When ISO 27001 was first outlined in the 90s, it allowed for the wealth of separate processes to be brought under a single umbrella, with the standard designed to handle multiple components within a single management system. This allows managers to examine such assessments across an entire organisation as a whole.</p><p>Since its inception, ISO 27001 has been updated significantly, with a major overhaul in 2013. There were initially just five clauses, which served as the main objectives for the standard, with the update raising this to ten. They are as follows:</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/careers/28212/a-guide-to-cyber-security-certification-and-training" data-original-url="/careers/28212/a-guide-to-cyber-security-certification-and-training">A guide to cyber security certification and training</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/28196/the-cybersecurity-skills-your-business-needs" data-original-url="/security/28196/the-cybersecurity-skills-your-business-needs">The cyber security skills your business needs</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/30102/how-to-use-machine-learning-and-ai-in-cyber-security" data-original-url="/security/30102/how-to-use-machine-learning-and-ai-in-cyber-security">How to use machine learning and AI in cyber security</a></p></div></div><p>The standard itself comprises a swathe of guidelines, certifications and systems required to help any business assess its internal procedures. Organisations may otherwise have to rely on separate services for handling the dynamic and multi-faceted risk to data, rather than the single unified approach which ISO 27001 offers. </p><p>Elements of a business may, for example, be identified as being high-risk, and may already have some procedures in place to ensure there are no missteps. Other areas within a business may, by contrast, pose less risk and may, therefore, have historically never been properly assessed or audited.</p><p>When ISO 27001 was first outlined in the 90s, it allowed for the wealth of separate processes to be brought under a single umbrella, with the standard designed to handle multiple components within a single management system. This allows managers to examine such assessments across an entire organisation as a whole.</p><p>Since its inception, ISO 27001 has been updated significantly, with a major overhaul in 2013. There were initially just five clauses, which served as the main objectives for the standard, with the update raising this to ten. They are as follows:</p><ol><li>Scope of the standard</li><li>How the document is referenced</li><li>Reuse of the terms and definitions in ISO/IEC 27000</li><li>Organizational context and stakeholders</li><li>Information security leadership and high-level support for policy</li><li>Planning an information security management system; risk assessment; risk treatment</li><li>Supporting an information security management system</li><li>Making an information security management system operational</li><li>Reviewing the system's performance</li><li>Corrective action</li></ol><h3 class="article-body__section" id="section-history-of-iso-27001"><span>History of ISO 27001</span></h3><p>Guidance around IT security was first introduced in 1992 when the Department of Trade and Industry (DTI) published a code of practice or IT security management.</p><p>In 1995, the British Standards Institute republished it as BS7799. This was revised over the years and in 2000, it was fast-tracked as an ISO and became ISO 17799.</p><p>In 2002, this was updated and a second part introduced - BS7799-2, an Information Security Management Specification, rather than a code of practice. This update entered the ISO fast track in 2005 and became the ISO27001.</p><p>It was updated significantly in 2013, overhauling how ISO27001 works. One major change was addressing the trend of using databases to store information rather than only physical documents.</p><h3 class="article-body__section" id="section-key-guidelines-in-iso-27001"><span>Key guidelines in ISO 27001</span></h3><p>Although there are many requirements of ISO 27001, the primary concerns (and those that are audited in order for an organisation to become certified) are that management must continuously analyse the businesses security risks, design and implement a collection of security controls and how to manage risks and adopt an overall management process that ensures the business is never left open to risk and that security needs are continuously addressed. Specifically, ISO 27001 requires management to:</p><ul><li>Examine the organisation's security holes through risk assessments</li><li>Design and implement a comprehensive suite of security controls</li><li>Define the scope of the ISMS</li><li>Adopt new processes to ensure new security controls meet the needs of the business</li></ul><h3 class="article-body__section" id="section-how-to-become-certified-for-iso-27001"><span>How to become certified for ISO 27001</span></h3><p>Gaining certification in ISO 27001 is a great way to demonstrate your company's commitment to data security, and show that you take security management seriously. When faced with two organisations, clients will usually pick the one that's certified over the one that isn't.</p><p>ISO 27001 certification is undertaken by third-party certification bodies and the processes each will analyse varies greatly.</p><p>Before the audit begins, the company's management will decide upon the parts of a business that will be certified upon completion. This can be the entire organisation or just a department or division, depending on what the management deems suitable.</p><p>Anything not included in this initial scope will not be certified and therefore, if only part of the business is certified, there are no guarantees the rest of the organisation is sticking to the guidelines.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Tech industry bands together to oppose GCHQ snooping ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/33741/tech-industry-bands-together-to-oppose-gchq-snooping</link>
                                                                            <description>
                            <![CDATA[ Google, Apple, WhatsApp, Microsoft and others to sign an open letter imploring GCHQ to understand implications of its 'ghost protocol' ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aZ41Meu3FDCWqq2D6n9twv</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6V9hwuxnCVHtZJCfrVd2jd-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 31 May 2019 09:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Encryption]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6V9hwuxnCVHtZJCfrVd2jd-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Internet snooping]]></media:description>                                                            <media:text><![CDATA[Internet snooping]]></media:text>
                                <media:title type="plain"><![CDATA[Internet snooping]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6V9hwuxnCVHtZJCfrVd2jd-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Google, Apple, WhatsApp and Microsoft have signed an open letter with 43 other signatories opposing GCHQ's plans to embed itself in every encrypted messaging service in the UK.</p><p>The proposal put forth by the British cyber security agency would entail adding a "ghost" user to an end-to-end encrypted messaging service to oversee the content of messages, much like how a group chat would work within the service.</p><p>The 47 signatories which include privacy advocate groups, tech giants and Ivy League academics all say that while the principles outlined by GCHQ in November 2018 regarding the need to protect privacy and security are "a step in the right direction", but putting them in practice "would violate important human rights principles".</p><p>"The ghost proposal would create digital security risks by undermining authentication systems by introducing unintentional vulnerabilities and by creating new risks of abuse or misuse of systems," read <a href="https://www.lawfareblog.com/open-letter-gchq-threats-posed-ghost-proposal" target="_blank">the open letter</a>. "Importantly, it would undermine the GCHQ principles on user trust and transparency."</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/32470/gchq-opens-up-about-concealing-cyber-threats-from-global-community" data-original-url="/security/32470/gchq-opens-up-about-concealing-cyber-threats-from-global-community">GCHQ opens up about concealing cyber threats from global community</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/31575/why-encryption-is-the-key-to-your-security-strategy" data-original-url="/security/31575/why-encryption-is-the-key-to-your-security-strategy">Why encryption is the key to your security strategy</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone" data-original-url="/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone">Apple vs FBI: NSA reveals why it couldn't hack San Bernardino iPhone</a></p></div></div><p>"Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently and that the public can be assured that any intrusions into people's lives are necessary and proportionate," said Ian Levy and Crispin Robinson of GCHQ in <a href="https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate" target="_blank">a joint essay</a>.</p><p>"In the UK, under the Investigatory Powers Act 2016, that means a Secretary of State and an independent judge must both sign-off the use of the most intrusive powers," they added. "We believe this provides world-class oversight of our law enforcement and intelligence agencies."</p><p>You can think of <a href="https://www.itpro.com/security/31575/why-encryption-is-the-key-to-your-security-strategy" target="_blank" data-original-url="https://www.itpro.com/security/31575/why-encryption-is-the-key-to-your-security-strategy">end-to-end encryption of messages</a> like an archaic tin can and rope method of communication. Only those with access to that rope can send or receive the communication, keeping everyone else out. That's how messages over services such as WhatsApp and iMessage are conducted, using public key cryptography.</p><p>GCHQ plans to embed a "ghost" agent within these messages, creating a three-way communication line with one invisible participant so the agency can oversee messages that would usually be hidden from them.</p><p>"It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," said Levy and Robinson. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication."</p><p>"We're not talking about weakening encryption or defeating the end-to-end nature of the service," they added. "In a solution like this, we're normally talking about suppressing a notification on a target's device, and only on the device of the target and possibly those they communicate with. That's a very different proposition to discuss and you don't even have to touch the encryption."</p><p>The reason why GCHQ wants access to these messaging services isn't to spy on regular civilians' personal conversations out of perversion, it's to reduce the powers held by criminal and terrorist organisations that can use these services to plan crimes without law enforcement knowing.</p><p>While most can agree that GCHQ should have these powers to protect national security, it does present a conflict, namely between protecting the interests of national security against the fundamental human rights of freedom of expression and privacy of one's own correspondence.</p><p>It's a similar conflict of rights that Google had to wrestle with when drafting and imposing its '<a href="https://www.itpro.com/data-protection/22378/what-is-googles-right-to-be-forgotten" target="_blank" data-original-url="https://www.itpro.com/data-protection/22378/what-is-googles-right-to-be-forgotten">right to be forgotten</a>' after a lengthy legal battle with the European courts.</p><p>It isn't the first time Apple, in particular, has openly opposed breaking end-to-end encryption of messages sent between members of the public. In a famous legal battle with the FBI, the company <a href="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone" target="_blank" data-original-url="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone">refused to unlock an iPhone belonging to the terrorists</a> who committed the San Bernadino shootings in 2015.</p><p>Apple wasn't prepared to sacrifice user privacy, their trust in the company's commitment to user security and the sacrosanct encryption of their devices, despite heavy pressure from the FBI amid a major case of national security.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ARM, EE and Microsoft form the latest companies to exclude Huawei ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/33690/arm-ee-and-microsoft-form-the-latest-companies-to-exclude-huawei</link>
                                                                            <description>
                            <![CDATA[ The effects of these inclusions, if made permanent, have been descibed as "insurmountable" ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9QiNjB74VBikQKkbXBtz7s</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6QTCJfDTXShW8DX8MYmaJb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 22 May 2019 11:39:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6QTCJfDTXShW8DX8MYmaJb-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Huawei logo on the side of a building as people walk past]]></media:description>                                                            <media:text><![CDATA[Huawei logo on the side of a building as people walk past]]></media:text>
                                <media:title type="plain"><![CDATA[Huawei logo on the side of a building as people walk past]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6QTCJfDTXShW8DX8MYmaJb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Huawei is facing a host of challenges as more of its partners strip its products from their stores and exclude them from the latest lucrative deals.</p><p>A swathe of companies and partners to Huawei have announced this week that they won't be supporting the sales of Huawei devices, further damaging the company's chances of success outside of China.</p><p>The company has said that it will be working on its own mobile operating system as doubt is cast over its future with Android in the wake of <a href="https://www.itpro.com/policy-legislation/33672/us-relaxes-trade-restrictions-on-huawei-founder-uninterested" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33672/us-relaxes-trade-restrictions-on-huawei-founder-uninterested">President Trump's executive order</a> imposed last week.</p><p>The restrictions have been loosed for the next 89 days, but after that time, all future Huawei devices released may not have a license to use the Android OS, meaning it must develop its own or use something else.</p><p>The problem with this is that whatever mobile OS it chooses to use, it's likely to cause difficulty for the company and its users with regards to the effectiveness of its functionality without a diverse ecosystem of apps made available for the freshly-developed OS in its infancy.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/33685/ees-5g-network-will-launch-30-may" data-original-url="/network-internet/33685/ees-5g-network-will-launch-30-may">EE's 5G network will launch 30 May</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33672/us-relaxes-trade-restrictions-on-huawei-founder-uninterested" data-original-url="/policy-legislation/33672/us-relaxes-trade-restrictions-on-huawei-founder-uninterested">US relaxes trade restrictions on Huawei, founder 'uninterested'</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/laptops/33571/huawei-matebook-x-pro-review-a-sight-for-sore-eyes" data-original-url="/laptops/33571/huawei-matebook-x-pro-review-a-sight-for-sore-eyes">Huawei MateBook X Pro review: A sight for sore eyes</a></p></div></div><p>"This move will have critical impact toward Huawei's business around smart phones," said Charlie Dai, principal analyst at Forrester. "Huawei has its own mobile OS as a backup, but it's not fully ready yet and it's very difficult to build up the ecosystem as what Huawei has been doing on Android."</p><p>"Eventually, it's no good toward consumers around the world, and It's a pity that customer value facilitated by open-source spirit is now ruined by the politics," he added.</p><p>Speaking at an event in Brussels on Tuesday, Huawei's representative to the European Union institutions Abraham Liu said that current Huawei users needn't worry, but emphasised that future devices that will be launched are under threat.</p><p>"For existing models already in market - there is no major impact," he said, reported <a href="https://www.bloomberg.com/news/articles/2019-05-22/trump-weighs-blacklisting-two-chinese-surveillance-companies" target="_blank"><em>Bloomberg</em></a>. "For the future [devices], both teams (Huawei and Google) are still working together to figure out what to do."</p><p>In other news, EE announced today that despite using Huawei equipment in <a href="https://www.itpro.com/network-internet/33685/ees-5g-network-will-launch-30-may" target="_blank" data-original-url="https://www.itpro.com/network-internet/33685/ees-5g-network-will-launch-30-may">its 5G launch next week</a>, it will not be supporting Huawei phones for its initial 5G plans that are available for preorder today.</p><p>"Until we get the information and confidence that gives us the long term surety that our customers, when they buy those devices, are going to be supported for the lifetime they've got the device with us," said Marc Allera, CEO of BT's consumer brands.</p><p>Microsoft also stripped <a href="https://www.itpro.com/laptops/33571/huawei-matebook-x-pro-review-a-sight-for-sore-eyes" target="_blank" data-original-url="https://www.itpro.com/laptops/33571/huawei-matebook-x-pro-review-a-sight-for-sore-eyes">Huawei's MateBook X Pro laptop</a> from its online store today, seemingly in response to the executive order against Chinese technology companies.</p><p>In a statement issued on Wednesday, a Huawei spokesperson said that the company valued its partners but "recognised the pressure some of them are under, as a result of politically motivated decisions".</p><p>"We are confident this regrettable situation can be resolved and our priority remains to continue to deliver world-class technology and products to our customers around the world."</p><p>It's the first sign of Microsoft's compliance with the order since the order took effect and also marks another challenge Huawei must overcome in order to stay competitive in the laptop market. It could signal the possibility that Huawei laptops may lose their license to support Windows OS, in which case Huawei may have to ship devices with a Linux-based OS or create their own for PCs too.</p><p>To make matter worse, the chipmaker ARM has instructed employees to suspend business with Huawei, according to an internal memo obtained by the <a href="https://www.bbc.co.uk/news/technology-48363772" target="_blank"><em>BBC</em></a>.</p><p>ARM produces technology that plays a strong role in the architecture of most mobile processors in the world. The memo reads that the company's designs contained "US origin technology" and could thus be affected by Trump's order.</p><p>One analyst speaking to the <em>BBC</em> said that if the move became permanent, then the consequences on Huawei's business would be "insurmountable".</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Article 13 gains European Council approval ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-governance/33460/article-13-gains-european-council-approval</link>
                                                                            <description>
                            <![CDATA[ However five European countries opposed the copyright directive ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5iNNHaP2Ux6GhN1bQgKRdz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/USicorFf29c4hDiJVtPLi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Apr 2019 08:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/USicorFf29c4hDiJVtPLi-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Copyright]]></media:description>                                                            <media:text><![CDATA[Copyright]]></media:text>
                                <media:title type="plain"><![CDATA[Copyright]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/USicorFf29c4hDiJVtPLi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK has thrown its weight behind a move to make the Article 13 copyright legislation a law.</p><p>Alongside the UK, 18 other EU nations gave the directive, which includes the hotly debated Article 11 and Article 13, their approval. However, the Copyright Directive was opposed by Italy, Finland, Sweden, Luxembourg and the Netherlands.</p><p>Given the European Council has approved the Copyright Directive, EU member states will now have two years to implement it into their national laws. </p><p>Once that happens it could pave the way for the imposition of large fines on businesses that allow users to upload copyrighted content illegally.</p><p>For example, if a user uploads a video to YouTube that includes music they don't have the rights to include, YouTube will have to seek out the copyright owner to seek their permission. If they don't do so, they will need to remove the content.</p><p>It's a very controversial directive, which many publishers and other sources that rely upon shared content disagree with. It's unlikely that smaller firms will have the resource to find the copyright owner or afford fees and therefore, they will have to remove the content instead.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/32552/what-is-article-13-and-article-11" data-original-url="/policy-legislation/32552/what-is-article-13-and-article-11">What is Article 13 and Article 11?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/careers/29106/what-does-the-future-of-work-look-like" data-original-url="/careers/29106/what-does-the-future-of-work-look-like">What does the future of work look like?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33453/tech-giants-oppose-bill-to-outlaw-unauthorised-iot-device-recordings" data-original-url="/policy-legislation/33453/tech-giants-oppose-bill-to-outlaw-unauthorised-iot-device-recordings">Tech giants oppose bill to outlaw unauthorised IoT device recordings</a></p></div></div><p>Although non-profit encyclopedias (such as Wikipedia) are exempt from the Copyright Directive, that didn't stop the tech giant switching its service off in four European markets last month in protest. Google objected as well, warning its users via a pop-up that the law could have "unintended consequences" such as blocking content its users had uploaded.</p><p>However, the music and creative arts industry has welcomed the move, saying it's a huge milestone for creators.</p><p>"It was a long road and we would like to thank everyone who contributed to the discussion," Helen Smith, executive chair of the Independent Music Companies Association said. "As a result, we now have a balanced text that sets a precedent for the rest of the world to follow, by putting citizens and creators at the heart of the reform and introducing clear rules for online platforms."</p><p>Another aspect of the rules state that search engines and social media providers will need to pay new publishers if they want to include snippets of content on their sites.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK’s digital regulator will fine tech giants for spreading ‘harmful content’ online ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/33408/uk-s-digital-regulator-will-fine-tech-giants-for-spreading-harmful-content</link>
                                                                            <description>
                            <![CDATA[ Draft proposals will see senior managers face criminal liability, while ISPs could block some services entirely ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cF8ifxykvPduHNRaCCTUey</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 08 Apr 2019 11:28:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of social media apps on a smartphone screen]]></media:description>                                                            <media:text><![CDATA[Image of social media apps on a smartphone screen]]></media:text>
                                <media:title type="plain"><![CDATA[Image of social media apps on a smartphone screen]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The government will establish a statutory regulator with powers to punish internet giants as part of new measures to crack down on the spread of harmful and extremist content online.</p><p>Tech companies and social media platforms will be compelled to abide by a 'duty of care' at the behest of a digital regulator, according to draft proposals, to rival Ofcom and the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico" target="_blank" data-original-url="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner's Office (ICO)</a>.</p><p>The government's long-awaited <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/793360/Online_Harms_White_Paper.pdf" target="_blank">'Online Harms' white paper</a>, released today, has also set out a regulatory framework that hands this proposed body the power to levy fines against companies for breaching standards. Senior managers will also be subject to these fines and held liable in a criminal context.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33352/how-policymakers-are-plotting-to-reign-in-the-tech-sector" data-original-url="/policy-legislation/33352/how-policymakers-are-plotting-to-reign-in-the-tech-sector">How policymakers are plotting to reign in the tech sector</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33363/worldwide-gdpr-part-of-mark-zuckerberg-s-manifesto-for-tech-regulation" data-original-url="/policy-legislation/33363/worldwide-gdpr-part-of-mark-zuckerberg-s-manifesto-for-tech-regulation">‘Worldwide GDPR’ part of Mark Zuckerberg’s manifesto for tech regulation</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/33021/facebook-behaves-like-digital-gangsters-with-customer-data-mps-warn" data-original-url="/policy-legislation/33021/facebook-behaves-like-digital-gangsters-with-customer-data-mps-warn">Facebook behaves like "digital gangsters" with customer data, MPs warn</a></p></div></div><p>In extreme cases, the regulator will also disrupt offending companies' business operations, and order internet service providers (ISPs) to block non-compliant platforms or apps entirely from UK markets as a last resort.</p><p>"The era of self-regulation for online companies is over. Voluntary actions from industry to tackle online harms have not been applied consistently or gone far enough," said the government's digital secretary Jeremy Wright.</p><p>"Tech can be an incredible force for good and we want the sector to be part of the solution in protecting their users. However, those that fail to do this will face tough action."</p><p>Home Secretary Sajid Javid also reinforced the notion that large tech firms have a "moral duty" to protect their younger users from harmful and extremist content.</p><p>"Despite our repeated calls to action, harmful and illegal content - including child abuse and terrorism - is still too readily available online," he said. "That is why we are forcing these firms to clean up their act once and for all."</p><h3 class="article-body__section" id="section-putting-big-tech-firmly-in-the-government-39-s-sights"><span>Putting big tech firmly in the government's sights</span></h3><p>As to which firms will be subject to these rules, the government cites companies that "allow users to share or discover user-generated content or interact with each other online". This translates to social media platforms, file hosting sites, messaging services, public discussion forums, and search engines.</p><p>The government has also hinted it would target the biggest companies first, with the regulator's initial 'risk-based' focus hitting companies that pose the clearest risk of harm to users. This will either be due to the scale of the platforms, or issues with online content that have already been identified.</p><p>Powers will span issuing notices to companies for breaching standards, to "substantial" fines for failures to remove harmful or extremist content. The scale of these fines, however, have not been defined. Senior managers, too, will be individually subject to regulatory action if found to have led their companies to breach standards.</p><p>Underpinning the regulations will be a duty of care and several codes of practice. These latter documents are particularly relevant to minimising the spread of disinformation, and extremist content online. A 'safety by design' framework too will inform developers when they create any new digital products or services from scratch.</p><p>The white paper insists that any action taken will be proportionate and designed not to stifle innovation in the digital economy. Legislative action, therefore, will be coupled with measures to promote 'tech safety', for example, as well as digital literacy to empower users to manage their own online activity and the risks this involves.</p><p>The overall package of measures, however, has been branded by critics as too "vague". Although the trade organisation techUK, for instance, said the measures were a "significant step forward", this vision will not be achieved if difficult problems are trade-offs are ignored.</p><p>"A regulator, whether new or existing, will not thank anyone for being handed a vague remit," said techUK's head of policy Vinous Ali.</p><p>"It is vital that the Government is clear about what it wants to achieve and the trade-offs necessary to do it. That means providing clear definitions of online harms and setting out how difficult boundary issues should be addressed."</p><p>The information commissioner Elizabeth Denham, meanwhile, said the need for these proposals reflected users' growing mistrust of online services.</p><p>"People want to use these services, they appreciate the value of them, but they're increasingly questioning how much control they have of what they see, and how their information is used," said Denham. </p><p>"That relationship needs repairing, and regulation can help that. If we get this right, we can protect people online while embracing the opportunities of digital innovation."</p><h3 class="article-body__section" id="section-how-these-plans-compare-against-other-ideas"><span>How these plans compare against other ideas</span></h3><p>These proposals jointly-devised between the Home Office and the Department for Digital Culture Media and Sport (DCMS) have been several months in the making. Although the plans are subject to change, they set out for the first time how the government intends to reign in the worst tendencies of internet giants like Facebook and Google.</p><p>Ideas such as an internet regulator and a statutory 'duty of care' have been <a href="https://www.itpro.com/policy-legislation/33352/how-policymakers-are-plotting-to-reign-in-the-tech-sector" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33352/how-policymakers-are-plotting-to-reign-in-the-tech-sector">explored extensively by a chorus of policymakers, including the Labour opposition, the House of Lords' communications committee, and the DCMS select committee</a>.</p><p>But the government's white paper sets out how such measures could translate into legislation, and what this means for many companies subject to these rules. However, there are a handful of differences between what organisations such as the DCMS select committee are proposing, and what the government is.</p><p>"Disinformation is clearly harmful to democracy and society as a whole. The social media companies must have a responsibility to act against accounts and groups that are consistently and maliciously sharing known sources of disinformation," said chair of the committee Damian Collins MP.</p><p>"The white paper does not address the concerns raised by the select committee into the need for transparency for political advertising and campaigning on social media. Again, it is vital that our electoral law is brought up to date as soon as possible so that social media users know who is contacting them with political messages, and why."</p><p>The House of Lords' communications committee, meanwhile, wouldn't have gone as far as the government in establishing a fully-fledged regulator; <a href="https://www.itpro.com/policy-legislation/33184/lords-demand-digital-supervisor-to-govern-tech-regulation" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/33184/lords-demand-digital-supervisor-to-govern-tech-regulation">instead suggesting an interim Digital Authority</a>. This body would oversee the work of existing regulators, nullify regulatory overlaps and suggest any changes to future processes so the raft of problems can be tackled now.</p><p>"If you make a new regulatory body then you will waste a long time before anything happens," its chair Lord Gilbert told <em>IT Pro</em> in March. "In the meantime, all of these bodies need to be brought together, they need to be forward-thinking, and they need to be de-duplicated.</p><p>"In time the new powerful Digital Authority may say the existing regulatory structure is not quite right and we need to either merge, change or set up some new bodies. But we don't want that to get in the way of doing stuff."</p><p>As for the Labour Party, these plans just don't go far enough. Its shadow digital secretary Tom Watson MP would also establish an independent regulator, in the same mould as this government's, but give this organisation the <a href="https://www.itpro.com/policy-legislation/32937/labour-wants-to-create-a-regulator-with-the-power-to-break-up-tech" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/32937/labour-wants-to-create-a-regulator-with-the-power-to-break-up-tech">power to break up monopolies</a>, among a suite of tougher powers.</p><p>"The public and politicians of all parties agree these platforms must be made to take responsibility for the harms, hate speech and fake news they host," he said. "The concern with these plans is that they could take years to implement. We need action immediately to protect children and others vulnerable to harm.</p><p>"These plans also seem to stop short of tackling the overriding data monopolies causing this market failure and do nothing to protect our democracy from dark digital advertising campaigners and fake news."</p><h3 class="article-body__section" id="section-yet-another-punt-into-the-long-grass"><span>Yet another punt into the long grass?</span></h3><p>The government is spinning these proposals as decisively tough, and a world-first in regulating some of the biggest companies on the planet. This is indeed, as the government claims, the prelude to the world's first 'online safety' laws of its kind. And <a href="https://www.itpro.com/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley">it's remarkable to chart the journey that ministers have been on</a>.</p><p>They'll be glad, therefore, to hear the plans have largely been welcomed by the industry, in principle at least. NCC Group, for example, says these proposals strike "the right balance". Specifically, the security firm's global CTO Ollie Whitehouse says that appointing an independent regulator will ensure regulation will keep pace with an evolving online environment.</p><p>But organisations on all sides of the debate have found quibbles with these plans, ranging from techUK's charge of being too vague to the Labour Party's accusations that these do nothing to resolve deep-rooted and systemic issues in the tech sector. Even NCC Group's Whitehouse believes the regulations won't be effective unless they are underpinned with online safety awareness and education in schools.</p><p>This, of course, also comes in the wake of the fallout from a mass shooting in New Zealand, and voices critical of tech companies for not removing a live stream of the tragedy quickly enough. Just in the last few hours, the country's privacy commissioner John Edwards branded Marck Zuckerberg and his company Facebook <a href="https://www.itpro.com/social-media/33404/new-zealand-privacy-commissioner-brands-facebook-as-morally-bankrupt" target="_blank" data-original-url="https://www.itpro.com/social-media/33404/new-zealand-privacy-commissioner-brands-facebook-as-morally-bankrupt">"morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions"</a>.</p><p>His comments, posted onto Twitter and now deleted, are indicative of an incredibly emotionally-charged debate. It also brings into perspective what the phrase 'online harms', something that has not up to now been adequately defined, means to people in reality.</p><p>The government has now, at least, released a chart outlining three categories of online harms, as it sees things, including harms with a clear legal definition, harms with a less clear legal definition, and underage exposure to legal content. But it's still uncertain how the government, and its new regulator, will effectively enforce these laws.</p><p>The chorus of voices reacting critically to these proposals shouldn't be seen as disparaging, rather it betrays the idea of just how complex an issue online regulation is. There's perhaps a good reason that no country has yet attempted to reign in the ever-ballooning tech sector. So it's just as well that the government has opened their plans up to an extensive period of public consultation, immediately after putting their cards onto the table.</p><p>But given the white paper's release was already delayed, having been touted for 'winter 2018/19', some may see <a href="https://dcms.eu.qualtrics.com/jfe/form/SV_5nm7sPoxilSoTg9" target="_blank">the 12-week consultation</a> as kicking the issue into the long grass, as the government has arguably done with Brexit.</p><p>This is justified, as we probably won't see any finalised proposals until the end of the year. But if the government uses this time to finetune and clearly establish the implementation of these measures, as against just playing for time, the sector might well be in a healthier place for it.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ European Commission says tech giants are more effectively examining illegal hate speech ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/32931/european-commission-says-tech-giants-are-more-effectively-examining-illegal</link>
                                                                            <description>
                            <![CDATA[ But the UK ranks as the third-worst performing nation in terms of removing harmful content ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wJ8KR5ppsFZtEdxNxwHDMg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 Feb 2019 12:48:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of social media apps on a smartphone screen]]></media:description>                                                            <media:text><![CDATA[Image of social media apps on a smartphone screen]]></media:text>
                                <media:title type="plain"><![CDATA[Image of social media apps on a smartphone screen]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bDTgn8iYaTxpuv4jucgYUD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Social media platforms have generally become more effective at removing online hate speech and harmful content within 24 hours, but are providing feedback to their users less frequently.</p><p>Tech firms are reviewing the majority of notifications they receive on hate speech in a timely way, according to a European study, with an average of 89% of flagged content across several platforms examined within 24 hours. These social networks, including Facebook, Twitter, YouTube, Instagram and Google+, are also removing 72% of the illegal hate speech notified to them.</p><p>The figures, outlined in the latest <a href="https://ec.europa.eu/info/files/factsheet-4th-monitoring-round-code-conduct_en" target="_blank">European Commission's (EC) monitoring report on its voluntary Code of Conduct</a>, mark a significant improvement since the first such study in 2016. The first of now four monitoring reports saw 40% of flagged content examined within 24 hours, and 28% removed.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley" data-original-url="/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley">Has the government finally lost its patience with Silicon Valley?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/social-media/31899/facebooks-ai-tech-can-spot-hate-speech-by-reading-text-from-photos-and-videos" data-original-url="/social-media/31899/facebooks-ai-tech-can-spot-hate-speech-by-reading-text-from-photos-and-videos">Facebook's AI tech can spot hate speech by reading text from photos and videos</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content" data-original-url="/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content">EU to give tech firms one hour to remove illegal content</a></p></div></div><p>The study saw dozens of organisations raise thousands of queries across the social media platforms in question during a six-week period, with the latest monitoring report conducted in late 2018.</p><p>Despite the pan-European improvement, however, the UK still lags well behind the continental average, representing the nation with the third-lowest rates of content removal across all member states.</p><p>Just 54% of content flagged is removed in the UK, according to the figures, which is actually a drop on the previous monitoring report, measured in December 2017, which saw 66% of illegal content removed.</p><p>Facebook is the best-performing platform on the reviewing front, with 92.6% of cases seen within 24 hours, and a further 5.1% seen within 48 hours. The corresponding figures for Youtube and Twitter are 83.8% and 7.9%, and 88.3% and 7.3% respectively.</p><p>Meanwhile, supplying feedback to users and a rationale behind these decisions, are being provided less frequently, with 65% of users receiving notifications in 2018 against 69% being informed in 2017's survey.</p><p>Facebook is the only company informing users systematically, the report says, with 92% of notifications receiving feedback, but this is a reduction from almost 95% last year.</p><p>The latest figures are released in light of mounting pressure in the UK for social media companies to do more to monitor harmful content and hate speech posted on their platforms.</p><p>An influential parliamentary committee of MPs just last week published a report recommending that policymakers construe a set of new laws to subject social media companies to a <a href="https://www.itpro.com/policy-legislation/32885/make-social-media-firms-liable-for-harm-to-children-mps-say" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/32885/make-social-media-firms-liable-for-harm-to-children-mps-say">legally-enforceable duty of care'</a>.</p><p>The European Union (EU) has even proposed <a href="https://www.itpro.com/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content" target="_blank" data-original-url="https://www.itpro.com/security/30674/eu-to-give-tech-firms-one-hour-to-remove-illegal-content">limiting the statutory deadline for tech giants to remove illegal content to just one hour</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ FOI reveals NHS Trusts spend as little as £250 on cyber security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/wannacry/32547/foi-reveals-nhs-trusts-spend-as-little-as-250-on-cyber-security</link>
                                                                            <description>
                            <![CDATA[ 'Alarming' spend and expertise discrepancies exposed as DHSC threatens enforcement action ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oJ3p2Mu2MpX9NPdkPyPBCK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mds3gPMjrWMfM9saHMdukW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 11 Dec 2018 10:43:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cyber Attacks]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mds3gPMjrWMfM9saHMdukW-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mds3gPMjrWMfM9saHMdukW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The NHS is struggling to retain critical cyber security expertise and expenditure is being allocated erratically, with some Trusts spending as little as 250 in the last year, it has emerged.</p><p>Despite the Department for Health and Social Care (DHSC) having committed an additional 150 million on NHS cyber security a year after the WannaCry attack, <a href="https://www.redscan.com/news/nhs-cybersecurity-skills-survey" target="_blank">research by Redscan</a> has exposed a prominent gap in both funding and staffing.</p><p>The average spend on data security training across 159 Trusts surveyed was 5,356 in the last 12 months, but this ranged widely from between 238 and 78,000 with no correlation to the size of Trust, or its location.</p><p>For a mid-sized Trust of between 3,000 and 4,000 employees, for example, training spend ranged from 500 to 33,000. But the research also notes a significant amount of training was conducted in-house using NHS Digital resources.</p><p>GDPR training was the most common programme taken up, with other prominent courses including BCS Practioner Certificate in Data Protection, and Senior Information Risk Owner.</p><p>However, it was found that NHS Trusts have only employed an average of one qualified security professional per 2,582 staff.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/wannacry/31102/why-we-re-ignoring-the-real-lesson-of-wannacry" data-original-url="/wannacry/31102/why-we-re-ignoring-the-real-lesson-of-wannacry">Why we’re ignoring the real lesson of WannaCry</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wannacry/30956/one-year-after-wannacry-zero-nhs-trusts-pass-cyber-security-assessment" data-original-url="/wannacry/30956/one-year-after-wannacry-zero-nhs-trusts-pass-cyber-security-assessment">One year after WannaCry, zero NHS trusts pass cyber security assessment</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cyber-security/31423/nhs-asks-ibm-to-boost-its-cyber-security-defences-after-wannacry" data-original-url="/cyber-security/31423/nhs-asks-ibm-to-boost-its-cyber-security-defences-after-wannacry">NHS asks IBM to boost its cyber security defences after WannaCry</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cyber-security/31554/uk-government-lacks-urgency-in-tackling-cyber-security-skills-gap" data-original-url="/cyber-security/31554/uk-government-lacks-urgency-in-tackling-cyber-security-skills-gap">UK government 'lacks urgency' in tackling cyber security skills gap</a></p></div></div><p>Alarmingly, almost a quarter of Trusts, 24 out of 108, retain no staff with security qualifications despite some employing around 16,000 full-time and part-time workers. A handful of Trusts also reported having employees in the process of obtaining security qualifications.</p><p>"These findings shine a light on the cyber security failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances," said Redscan's director of cyber security Mark Nicholls.</p><p>"Individual trusts lack in-house cybersecurity talent and many are falling short of training targets; while investment in security and data protection training is patchy at best. The extent of discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others."</p><p>The findings, released following a Freedom of Information (FOI) campaign which saw responses from 159 NHS Trusts, have been released a year-and-a-half after the devastating <a href="https://www.itpro.com/wannacry/32103/wannacry-cost-the-nhs-92-million-report-estimates" target="_blank" data-original-url="https://www.itpro.com/wannacry/32103/wannacry-cost-the-nhs-92-million-report-estimates">WannaCry attack that DHSC estimated to cost 92 million</a>.</p><p>Several parliamentary reports have since savaged the NHS' record on cyber security resilience, with among the latest in April showing <a href="https://www.itpro.com/wannacry/30956/one-year-after-wannacry-zero-nhs-trusts-pass-cyber-security-assessment" target="_blank" data-original-url="https://www.itpro.com/wannacry/30956/one-year-after-wannacry-zero-nhs-trusts-pass-cyber-security-assessment">zero Trusts passed the government's cyber security assessments</a>.</p><p>A separate FOI request Redscan sent to NHS Digital revealed signs of improvement, as 139 Trusts had now undertaken a Data Security Onsite Assessment, compared to just 60 Trusts last year.</p><p>Beyond announcing an additional 150 million over the next three years, the DHSC also committed to <a href="https://www.itpro.com/wannacry/31020/nhs-aims-to-solve-cyber-security-issues-with-windows-10-migration-by-2020-deadline" target="_blank" data-original-url="https://www.itpro.com/wannacry/31020/nhs-aims-to-solve-cyber-security-issues-with-windows-10-migration-by-2020-deadline">upgrading all Windows XP devices to Windows 10 by 2020</a> in a deal struck with Microsoft earlier this year.</p><p>"Cyber security is a priority for this government and funding is provided to NHS Trusts based on their specific needs and capabilities," a DHSC spokesperson told <em>IT Pro</em>.</p><p>"Over 60m was invested last year for critical infrastructure, and there will be a further 150m over the next three to improve resilience across the health and care system.</p><p>"Where Trusts do not take sufficient action to secure their networks and systems, we will use strong enforcement powers to ensure they improve."</p><p>Redscan's Nicholls added that as the skills gap continues to grow, it'll become harder for organisations across all sectors to find the people with the right knowledge and expertise.</p><p>"It's even tougher for the NHS, which must compete with the private sector's bumper wages," he continued, "not to mention the fact that trusts outside of traditional tech hubs like London and Cambridge have a smaller talent pool from which to choose from."</p><p>Kaspersky's principal security researcher David Emm told <em>IT Pro</em> that given how very attractive health data is to criminals, it is vital the NHS invests money in robust protections.</p><p>"Healthcare providers must also work closely with their IT security teams to implement sophisticated, high-quality protection that will allow them to manage and protect customer data," he said.</p><p>"Not just for the sake of tick-box' compliance, or to avoid hefty fines and embarrassing, often irreparable reputational damage, but to enable them and their patients to reap the many rewards of advanced digital healthcare, confident in the knowledge that data, devices and networks are secure."</p><p><em>IT Pro</em> also approached NHS Digital, NHS England and NHS Improvement for comment.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ China erases citizens’ social media accounts in widespread censorship campaign ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/32353/china-erases-citizens-social-media-accounts-in-widespread-censorship</link>
                                                                            <description>
                            <![CDATA[ Following the country's restriction on media outlets, China have exercised their censorship laws eliminating 9,800 social media accounts ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5MFR3zJ3YDMvWy4HcrzhYG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QTdNJdBeaYkmGH2MZTNPim-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 13 Nov 2018 13:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QTdNJdBeaYkmGH2MZTNPim-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[china]]></media:description>                                                            <media:text><![CDATA[china]]></media:text>
                                <media:title type="plain"><![CDATA[china]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QTdNJdBeaYkmGH2MZTNPim-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>In the early hours of the morning, it was reported that China's primary security authority has deleted 9,800 social media accounts due to inappropriate content, reported <a href="https://uk.reuters.com/article/uk-china-censorship/china-scours-social-media-erases-thousands-of-accounts-idUKKCN1NI0CG" target="_blank"><em>Reuters</em></a>.</p><p>The Cyberspace Administration of China (CAC) made a statement in relation to its campaign launched on 20 October 2018, saying it had erased a massive amount of the increasingly prevalent 'self-media' accounts that emerged in recent months.</p><p>The accounts were erased for "spreading politically harmful information, maliciously falsifying (Chinese Communist) party history, slandering heroes and defaming the nation's image".</p><p>The wiped accounts had appeared on two of China's premier social media platforms, WeChat and Weibo. Tencent and Sina, the two companies who own and operate the platforms were also summoned by the CAC and admonished for failing to prevent "uncivilized growth" and causing "all kinds of chaos".</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/privacy/30981/google-gets-caught-up-in-russian-internet-censorship-battle" data-original-url="/privacy/30981/google-gets-caught-up-in-russian-internet-censorship-battle">Google gets caught up in Russian internet censorship battle</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/611005/internet-censorship-who-decides" data-original-url="/611005/internet-censorship-who-decides">Internet censorship: Who decides?</a></p></div></div><p>The term 'self-media' is used to refer to social media channels, much like ones found on Snapchat's stories, posing as genuine media outlets. The channels produce original content which spans a breadth of topics but aren't officially registered with authorities.</p><p>The prevalence and popularity of these accounts have been largely attributed to the interesting and sometimes sensational content that they churn out, which comes as a breath of fresh air from the state-regulated official sources which like to keep content produced in Chinese cyberspace in-line with communist party ideals.</p><p>Despite freedom of expression being codified in China's constitution, the one-party state does allow some leniency but keeps a strict limit on the extent to which the party can be criticised.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Budget 2018: Hammond announces Digital Services Tax to crack down on tech giants' "unsustainable and unfair" tax practices ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/32244/budget-2018-tech-sector-changes</link>
                                                                            <description>
                            <![CDATA[ Revenue-based tax to hit tech giants as government announces more funding for AI, quantum computing, and digital transformation ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jVju4dYBGeWMVdSE4yiMX5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DCS8TdD9PHvWFcBQZrUiwj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Oct 2018 11:04:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Machine learning]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DCS8TdD9PHvWFcBQZrUiwj-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Houses of parliament UK at night]]></media:description>                                                            <media:text><![CDATA[Houses of parliament UK at night]]></media:text>
                                <media:title type="plain"><![CDATA[Houses of parliament UK at night]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DCS8TdD9PHvWFcBQZrUiwj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The government has announced a new revenue-based tax on the likes of Google, Facebook and Amazon which is expected to raise 400 million per year.</p><p>The UK Digital Services Tax (DST), which will come into effect from April 2020, is a 2% tax on the revenues of search engines, social media platforms and online marketplaces that are profitable, and generate more than 500 million per year in revenue.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/32044/big-tech-businesses-are-a-threat-to-the-digital-services-tax" data-original-url="/policy-legislation/32044/big-tech-businesses-are-a-threat-to-the-digital-services-tax">Big tech businesses are a threat to the Digital Services tax</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley" data-original-url="/policy-legislation/31947/has-the-government-finally-lost-its-patience-with-silicon-valley">Has the government finally lost its patience with Silicon Valley?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/it-infrastructure/31452/failing-government-infrastructure-projects-on-the-rise-says-watchdog" data-original-url="/it-infrastructure/31452/failing-government-infrastructure-projects-on-the-rise-says-watchdog">Failing government infrastructure projects on the rise, says watchdog</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/broadband/31477/national-infrastructure-commission-calls-for-full-fibre-in-the-uk-by-2033" data-original-url="/broadband/31477/national-infrastructure-commission-calls-for-full-fibre-in-the-uk-by-2033">National Infrastructure Commission calls for full fibre in the UK by 2033</a></p></div></div><p>Announcing the measure in this year's Budget, Chancellor Philip Hammond said the DST will restore "sustainability and fairness" to the UK tax system, which he suggested tech giants have exploited in the past.</p><p>"There is one standout example of where the rules of the game must evolve now if they are to keep up with the emerging digital economy," Hammond told the House of Commons.</p><p>"Digital platforms delivering search engines, social media, and online marketplaces have changed our lives, our society and our economy. Mostly for the better. But they also pose a real challenge for the sustainability and fairness of our tax system.</p><p>"The rules have simply not kept pace with changing business models and it is clearly not sustainable or fair that digital platform businesses can generate substantial value in the UK without paying tax here in respect of that business."</p><p>The UK DST is expected raise just 5 million in its first year, according to Budget papers, and is not projected to bring in the touted 400 million of tax revenue until at least 2022/23.</p><h3 class="article-body__section" id="section-39-we-cannot-simply-talk-forever-39"><span>'We cannot simply talk forever'</span></h3><p>The measure represents a major shift in the Conservative government's approach to handling an industry that is becoming increasingly influential in the UK economy.</p><p>But it has been met with criticism on both sides; either feeling it could hamper the tech sector, or that the announcement doesn't actually go far enough.</p><p>"As more and more businesses digitise, the way we levy taxes on companies must evolve and the UK is well-placed, with the strongest tech sector in Europe, to be a leader in this area," said Gerard Grech, chief executive of Tech Nation, an industry trade body.</p><p>"However, the announcement by the Chancellor, Philip Hammond, of a 2% tax on revenues of multinational technology companies risks stifling entrepreneurialism and innovation, which recent governments have done much to encourage."</p><p>Santosh Sahu, CEO of delivery platform On the dot, branded the tax a "punch into the pockets of tech giants", as well as "stab in the back" for retailers with successful multi-channel strategies.</p><p>During his Budget speech, Hammond made reassurances the measure will not be "an online sales tax on goods ordered over the internet", as such a tax would naturally fall on consumers.</p><p>Labour's shadow secretary for digital, culture, media and sport (DCMS) Tom Watson, meanwhile, derided the measure's "lack of ambition".</p><p>"The tech giants do need to pay more in tax," he said, "but the measure announced today is a pittance for these massive international companies.</p><p>"Under the Tories, the percentage of tax paid by the big five tech companies has halved since 2013. The new tax isn't even set to be implemented until 2020 at which time the tech giants will start to enjoy a 2% cut in their corporation tax rate."</p><p>The Chancellor added that the UK will continue to consult with nations which comprise the OECD and G20 in order to establish an international, cross-border set of measures, with any agreement potentially superseding the UK's unilateral measure.</p><p>"The UK has been leading attempts to deliver international corporate tax reform for the digital age," he continued, adding: "a new global agreement is the best long-term solution, but the pace is painfully slow.</p><p>"We cannot simply talk forever."</p><h3 class="article-body__section" id="section-rolling-out-full-fibre-and-5g"><span>Rolling out full fibre and 5G</span></h3><p>Elsewhere the government announced a series of investments into digital tools to support the industry, including a 20 million fund for local peer-to-peer networks geared towards business improvement, and technological adoption.</p><p>Hammond also announced the government would work in partnership with large banks, professional services firms and tech companies to support the productivity of their small business customers.</p><p>The government's National Productivity Investment Fund will also expand to 37 billion nationwide, including a significant portion dedicated to building the UK's digital infrastructure and research and development (R&D).</p><p>The UK's growing fibre and 5G network will see an additional 715 million between now and the end of 2021, on top of 25 million investment last year, geared towards rolling out full fibre broadband nationwide.</p><p>This includes 200 million to pilot innovative approaches to deploying full fibre in rural locations, starting with primary schools, as well as rolling out a voucher scheme for nearby homes and businesses.</p><h3 class="article-body__section" id="section-r-amp-d-and-digital-transformation-set-to-benefit"><span>R&D and digital transformation set to benefit</span></h3><p>R&D funding, meanwhile, will receive a further 1.6 billion next year in areas such as nuclear fusion, quantum computing, and artificial intelligence, with the government expecting to have spent 9 billion more by 2021 than it had in 2015.</p><p>An additional 235 million for the development and commercialisation of UK quantum computing, meanwhile, in addition to 80 million announced earlier this year, would represent a welcome sigh of relief for the industry.</p><p>Scientists and experts previously slammed the government for scrimping on quantum computing investment when it had offered just 80 million, instead of the 338 million demanded so the UK "does not lose ground against international competitor programmes".</p><p>The Budget also set out a handful of ways the government may use AI to drive growth, including a review into the use of automation and data in the public sector conducted by the Government Digital Service (GDS) and the Office for AI.</p><p>The UK's Center for Data Ethics and Innovation has also been commissioned to study the use of data in shaping people's online experiences, and the potential for bias in decisions made via black box algorithms.</p><p>But according to research the UK's AI strategy still lags behind European rivals, with <a href="https://www.exasol.com/en/insights/bi-to-data-analytics/#section-3" target="_blank">findings from analytics firm Exasol</a> showing German businesses are 45% more focused on building AI into their strategies than UK companies.</p><p>"While there is room for improvement," said Exasol CTO Mathias Golombek, the announcement of a 1.6 billion investment is "promising" for the UK's industrial strategy.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Twitter faces GDPR probe for refusing to comply with subject access request ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/general-data-protection-regulation-gdpr/32141/twitter-faces-gdpr-probe-for-refusing-to-comply-with</link>
                                                                            <description>
                            <![CDATA[ Academic's request for information about how the platform tracks him denied as it would take 'disproportionate effort' ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5ynZaBt85jmuVNedacDr73</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DaDXsVFiiqZDH9aQHsTnjK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Oct 2018 11:02:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DaDXsVFiiqZDH9aQHsTnjK-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Twitter logo on a card surrounded by other cards with images such as fingerprints and locks]]></media:description>                                                            <media:text><![CDATA[The Twitter logo on a card surrounded by other cards with images such as fingerprints and locks]]></media:text>
                                <media:title type="plain"><![CDATA[The Twitter logo on a card surrounded by other cards with images such as fingerprints and locks]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DaDXsVFiiqZDH9aQHsTnjK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Twitter is being investigated for a potential General Data Protection Regulation (GDPR) breach after refusing to provide an academic with information about how he is tracked on the platform.</p><p>The social media network <a href="https://help.twitter.com/en/using-twitter/url-shortener" target="_blank">uses shortened t.co links</a> as a way to track a handful of data points, including how many clicks longer links receive. They also help to curb the spread of malware and phishing attacks, the platform says.</p><p>Michael Veale, a researcher based at University College London (UCL), lodged a subject access request (SAR) to find out whether these links track more data on users than Twitter lets on.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk" data-original-url="/data-protection/28029/latest-gdpr-news-uk">GDPR news: GDPR turns six months old</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/analytics/30201/how-to-use-twitter-analytics-start-sharing-like-the-pros" data-original-url="/analytics/30201/how-to-use-twitter-analytics-start-sharing-like-the-pros">How to use Twitter analytics: start sharing like the pros</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/development/31719/twitter-kills-support-for-third-party-clients" data-original-url="/development/31719/twitter-kills-support-for-third-party-clients">Twitter kills support for third-party clients</a></p></div></div><p>But <a href="http://fortune.com/2018/10/12/twitter-gdpr-investigation-tco-tracking" target="_blank">according to <em>Fortune</em></a>, the social media company denied his request on the grounds that providing this information would take "disproportionate effort".</p><p>Veale then escalated the issue with a complaint to the Irish Data Protection Commission (DPC), which confirmed in a letter last week that it would investigate whether Twitter's refusal to fulfill the request constitutes a GDPR breach.</p><p>The DPC also said it would consider engaging the European Data Protection Board, an independent advisory body that works to apply the consistent application of GDPR across the continent.</p><p>"The DPC has initiated a formal statutory inquiry in respect of your complaint," <a href="https://twitter.com/mikarv/status/1050672608683819010" target="_blank">the regulator wrote</a>.</p><p>"The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect."</p><p>Ireland's data watchdog is handling the case under GDPR's One Stop Shop principle, in which a lead investigator is nominated to investigate cross-border breaches. </p><p>The rights of data subjects have considerably strengthened since GDPR came into force on 25 May. Under the new regulations, organisations are required to provide any data held on their users or customers within 30 days, subject to exceptions in the law.</p><p>These subject access requests (SARs) also operate in tandem with the right to be forgotten, which gives data subject the right to request that data held on them by any organisation is deleted, under reasonable circumstances.</p><p>Research published last month showed <a href="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk" target="_blank" data-original-url="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk">just 35% of EU-based companies are fulfilling SARs</a> within the legal 30-day timeframe, which is true for 50% of firms based outside of Europe.</p><p>This case is being handled under GDPR since the request was made after the new regulations came into force.</p><p><em>IT Pro</em> approached Twitter for comment, but did not get a response at the time of writing. A spokesperson for the DPC said a statement would follow.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ EU will fine social media firms for failing to remove extremist material ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/31733/eu-will-fine-social-media-firms-for-failing-to-remove-extremist-material</link>
                                                                            <description>
                            <![CDATA[ Security commissioner signals step change from self-policing ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5FiWtDtVxnv7FZVeR5jkB5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9mBpTy6ChuboHua7Nq6fsK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 20 Aug 2018 09:31:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9mBpTy6ChuboHua7Nq6fsK-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9mBpTy6ChuboHua7Nq6fsK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European Union (EU) will draw up new plans to fine social media companies over their failure to remove extremist content from their services.</p><p>Under new proposals, companies such as Facebook and YouTube will be compelled to remove terrorist propaganda within one hour or face hefty fines, according to European commissioner for the security union Julian King, <a href="https://www.ft.com/content/a4068e88-a22a-11e8-85da-eeb7a9ce36e4">who spoke with the <em>Financial Times</em></a>.</p><p>"We cannot afford to relax or become complacent in the face of such a shadowy and destructive phenomenon," King said, adding that new regulations would create legal certainty for websites of all sizes.</p><p>"The difference in size and resources means platforms have differing capabilities to act against terrorist content and their policies for doing so are not always transparent.</p><p>"All this leads to such content continuing to proliferate across the internet, reappearing once deleted and spreading from platform to platform."</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks" data-original-url="/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks">UK government draws up new laws after social media firms spurn abuse talks</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31011/eu-rules-could-allow-small-businesses-to-sue-tech-giants" data-original-url="/policy-legislation/31011/eu-rules-could-allow-small-businesses-to-sue-tech-giants">EU rules could allow small businesses to sue tech giants</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31209/eu-sinks-uk-hopes-for-post-brexit-role-for-uk-in-developing-data-protection" data-original-url="/policy-legislation/31209/eu-sinks-uk-hopes-for-post-brexit-role-for-uk-in-developing-data-protection">EU sinks UK hopes for post-Brexit role for UK in developing data protection laws</a></p></div></div><p>The draft proposals, set to be published next month, signal a shift from the EU's current regulatory outlook which allows companies to voluntarily remove content deemed to incite terrorist violence or radicalise users.</p><p>The EU's decision to make its guidelines legally enforceable mirrors a change in heart in terms of the UK's strategy, with the government earlier this year hinting at new rules that represent a clear shift from voluntary guidelines and self-policing.</p><p>After ten companies failed to turn up to government talks, of 14 invited, the then-secretary of state for digital, culture, media and sport (DCMS) Matt Hancock said in May the <a href="https://www.itpro.com/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks" data-original-url="https://www.itpro.com/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks">UK would draft laws to fine firms that failed to tackle online abuse</a> or remove inappropriate content.</p><p>"The fact that only four companies turned up when I invited the 14 biggest in; it gave me a big impetus to drive this proposal to legislate through," Hancock said on BBC One's <em>the Andrew Marr Show</em>.</p><p>"Before then, and until now, there has been this argument - work with the companies, do it on a voluntary basis, they'll do more that way because the lawyers won't be involved.</p><p>"And after all, these companies were set up to make the world a better place. The fact that these companies have social media platforms with over a million people on them, and they didn't turn up [is disappointing]."</p><p>The wider movement towards tougher and more meaningful regulation has in-part been motivated by the continuously-unfolding data misuse scandal involving Facebook and the now-defunct Cambridge Analytica. The DCMS select committee, for instance, has proposed several new laws in an <a href="https://www.itpro.com/policy-legislation/31594/tech-giants-like-facebook-should-be-made-liable-for-fake-news-dcms" data-original-url="https://www.itpro.com/policy-legislation/31594/tech-giants-like-facebook-should-be-made-liable-for-fake-news-dcms">interim report published last month</a> that make social media companies, like Facebook, liable for misinformation that is allowed to spread on their platforms.</p><p>Meanwhile, in February the former home secretary Amber Rudd revealed an auto-blocking tool the government is hoping can <a href="https://www.itpro.com/internet-security/30523/government-unveils-auto-blocking-tool-for-extremist-content" data-original-url="https://www.itpro.com/internet-security/30523/government-unveils-auto-blocking-tool-for-extremist-content">automatically detect and flag extremist content without human intervention</a>. Developed by the London-based artificial intelligence company ASI Data Science, the tool was trained by analysing thousands of hours of ISIS-produced content and forms part of the government's wider efforts to tackle online hate speech and extremist material.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO unveils new tech strategy to tackle digital hurdles ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/information-commissioner/31689/ico-unveils-new-tech-strategy-to-tackle-digital-hurdles</link>
                                                                            <description>
                            <![CDATA[ The three-year plan sees the appointment of a new executive director for technology policy and innovation ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">af45sAtGVh26e7HTKSMpri</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XCRn8joXXfYZACjyvtoZWj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 14 Aug 2018 11:36:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XCRn8joXXfYZACjyvtoZWj-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A blue digital map of the world with abstract decorative elements]]></media:description>                                                            <media:text><![CDATA[A blue digital map of the world with abstract decorative elements]]></media:text>
                                <media:title type="plain"><![CDATA[A blue digital map of the world with abstract decorative elements]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XCRn8joXXfYZACjyvtoZWj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Information Commissioner's Office (ICO) has published its first strategy paper outlining how it will adapt its regulatory approach in light of new challenges presented by rapidly changing technology.</p><p>Among the key goals outlined in the paper, drafted to enhance the regulator's overall technical expertise and understanding, the ICO will educate staff on technological issues, and ensure businesses and the wider public are kept informed on new data protection risks.</p><p>The ICO also established, in its plans, three priority areas for 2018/19, including cyber security, AI, and web and cross device tracking. The data regulator will develop an action plan for each area which it plans to review and update annually.</p><p><a href="https://ico.org.uk/media/about-the-ico/documents/2258299/ico-technology-strategy-2018-2021.pdf" target="_blank">The new three-year strategy</a> is part of the ICO's wider efforts to strengthen its commitment to technology and innovation, which includes the appointment of Simon McDougall as the first executive director for technology policy and innovation.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/information-commissioner/31565/people-are-more-aware-of-their-data-rights-than-ever-before-says-ico" data-original-url="/information-commissioner/31565/people-are-more-aware-of-their-data-rights-than-ever-before-says-ico">People are more aware of their data rights than ever before, says ICO</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31483/facebook-fined-500000-by-the-ico-following-cambridge-analytica-data-scandal" data-original-url="/policy-legislation/31483/facebook-fined-500000-by-the-ico-following-cambridge-analytica-data-scandal">Facebook fined £500,000 by the ICO following Cambridge Analytica data scandal</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29897/ico-only-20-of-uk-citizens-trust-companies-with-their-data" data-original-url="/security/29897/ico-only-20-of-uk-citizens-trust-companies-with-their-data">ICO: Only 20% of UK citizens trust companies with their data</a></p></div></div><p>McDougall, the former managing director of IBM-owned consultancy firm Promontory, is a "well-known international figure in the world of information rights," according to the ICO, and has also served on the board of a number of international bodies committed to upholding citizens' data and information rights.</p><p>"I am honoured to have the opportunity to join the ICO and lead their work in this critical area," McDougall said. "Technological change continues to accelerate, and it is vital that the ICO remains constructively and robustly engaged as organisations innovate in the use of personal data."</p><p>Also among the ICO's plans is the launch of a 'regulatory sandbox' in which organisations can develop innovative tools and services with assistance and guidance from the ICO. The regulator plans to consult on the implementation of this scheme later in 2018.</p><p>"Technology is driving changes to the societal, political, legal and business environment that the Information Commissioner's Office (ICO) needs to regulate," Information Commissioner Elizabeth Denham wrote in the foreword of the new strategy.</p><p>"The most significant data protection risks to individuals are now driven by the use of new technologies. The risks are broad - from cyber-attacks to the growth of artificial intelligence and machine learning."</p><p>"The GDPR contains new provisions to better regulate the risks arising from technology, including data protection by design and data protection impact assessments.</p><p>"These advances need not come at the expense of data protection and privacy rights - the ICO's approach to technology will be underpinned by the concept that privacy and innovation are not mutually exclusive."</p><p>The ICO has faced numerous challenges in the last few months in light of a massive data misuse scandal involving Facebook and the now-defunct Cambridge Analytica, which perhaps gave the regulator a taste of the issues it could expect to face in an increasingly-digitised landscape.</p><p>Its investigations into the misuse of personal data in political campaigns, which spans a vast number of organisations, led to <a href="https://www.itpro.com/policy-legislation/31483/facebook-fined-500000-by-the-ico-following-cambridge-analytica-data-scandal" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/31483/facebook-fined-500000-by-the-ico-following-cambridge-analytica-data-scandal">Facebook last month being fined 500,000</a> - the maximum under the Data Protection Act 1998. The full results of the ICO's investigation are expected to be published by the end of the year.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Government’s online safety council for children will now look after adults ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/policy-legislation/31585/government-s-online-safety-council-for-children-will-now-look-after-adults</link>
                                                                            <description>
                            <![CDATA[ The council will focus on combating online harm, extremism, and violence against women, among other areas ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sjrzvtethrWTJjpNK9qw8s</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cSv2dLVU3k72yfXMrPKH25-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 27 Jul 2018 10:49:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cSv2dLVU3k72yfXMrPKH25-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[child using a smartphone possibly in an abusive situation]]></media:description>                                                            <media:text><![CDATA[child using a smartphone possibly in an abusive situation]]></media:text>
                                <media:title type="plain"><![CDATA[child using a smartphone possibly in an abusive situation]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cSv2dLVU3k72yfXMrPKH25-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The government has announced it will expand the scope of the UK Council for Child Internet Safety (UKCCIS) to cover the wider UK population.</p><p>Focusing on reinforcing digital safety for everyone across the country, the new UK Council for Internet Safety (UKCIS) will prioritise areas of online harm such as cyberbullying and sexual exploitation, as well as tackle the spread of radicalism and extremism across the internet.</p><p>Also trying to mitigate violence against girls and women, hate crime and hate speech, as well as discrimination that contravenes the Equality Act 2010 manifesting online, the UKCIS will encourage collaboration between more than 200 organisations representing the government, regulators, the digital industry, law enforcement, academia and charities.</p><p>"Only through collaborative action will the UK be the safest place to be online," said Margot James, minister for digital and the creative industries.</p><p>"By bringing together key stakeholders, from the tech giants to the third sector, UKCIS will be the cornerstone of this effort; driving the development of technical solutions and equipping UK citizens to tackle online harms."</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/31560/government-accidentally-leaks-counter-terrorism-tools-via-trello" data-original-url="/data-protection/31560/government-accidentally-leaks-counter-terrorism-tools-via-trello">Government accidentally leaks counter-terrorism tools via Trello</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks" data-original-url="/policy-legislation/31163/uk-government-draws-up-new-laws-after-social-media-firms-spurn-abuse-talks">UK government draws up new laws after social media firms spurn abuse talks</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/30622/it-s-time-to-regulate-social-media-it-s-too-powerful" data-original-url="/policy-legislation/30622/it-s-time-to-regulate-social-media-it-s-too-powerful">It’s time to regulate social media – it’s too powerful</a></p></div></div><p>Since its conception in 2008, the UKCCIS has run a wide array of campaigns and put forward policy proposals that aim to improve the online safety and welfare for children in schools and colleges across the UK.</p><p>Notable work includes infamous proposals for the default filtering of online pornography, introduced in 2012, while more recently the organisation has issued <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/647389/Overview_of_Sexting_Guidance.pdf" target="_blank">guidance on 'sexting'</a>.</p><p>Plans to expand the UKCCIS were first outlined in the government's <a href="https://www.gov.uk/government/consultations/internet-safety-strategy-green-paper" target="_blank">Internet Safety Strategy green paper</a> in October last year, with an application process now underway to appoint board members to the new, beefier organisation. The consultation also covered introducing a social media code of practice, a social media levy, examining young people's use of dating websites, and exploring how new technology can be used to curb online home.</p><p>Comprising co-ministerial chairs from the department for culture, media and sport, the home office and the department for education, the board will retain an interest in combating online threats posed to the safety and welfare of children. Its remit will also expand, however, in a variety of areas to improve the online experience for the adult population.</p><p>The <a href="https://www.gov.uk/government/groups/uk-council-for-child-internet-safety-ukccis#ukcis-executive-board-application-now-open-deadline-3-september-2018" target="_blank">deadline for applications</a> to sit on the UKCIS' executive board will close on 3 September.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cambridge Analytica: US Congress probes data firm set up by ex-Cambridge Analytica employee ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-protection/30792/cambridge-analytica-facebook-scandal</link>
                                                                            <description>
                            <![CDATA[ Congress wants to know whether it's collecting data from apps or using data brokers ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sURu6oN48phepxGQ5DKm2v</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/h9yjRSnwZovokWdfr2Dfhe-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 02 Jul 2018 06:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/h9yjRSnwZovokWdfr2Dfhe-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/h9yjRSnwZovokWdfr2Dfhe-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>US Congress has requested that ex-Cambridge Analytica employee Matt Oczkowski answer questions regarding the use of data by his new company Data Propria.</p><p>Oczkowski has been asked to explain whether the data being used by Data Propria was supplied by researcher Aleksandr Kogan, who collected data from millions of Facebook users in 2016, according to a letter sent by Democrats on the House Energy and Commerce Committee last week.</p><p>"Given news reports indicating that Data Propria is being led by former Cambridge Analytica employees, including yourself, we believe the American people must be assured that Data Propria is not using consumer data wrongfully obtained by Cambridge Analytica or engaging in other inappropriate practices," the letter said.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on" data-original-url="/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on">Cambridge Analytica closes but ICO investigation rolls on</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" data-original-url="/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">Cambridge Analytica and Facebook: What happened and has it impacted any votes?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" data-original-url="/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">ICO investigating use of data in political campaigns</a></p></div></div><p>Not only does Congress want Oczkowski to spill the beans on whether the data it's using as collected via Facebook, Democrats including Frank Pallone, Jr., Mike Doyle and Jan Schakowsky want to understand exactly how Data Propria is getting its data from Facebook, data brokers or other means.</p><p>It also requested that Data Propria advise Congress on whether or not it's telling consumers how their data is being used and if it's using the data for consulting purposes. For companies in the US, there's no legal requirement to disclose this information if customers request it, unlike the stringent rules imposed on those in the EU by <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a>. </p><p>"You have acknowledged in interviews with press that the work of Data Propria will be very similar to Cambridge Analytica," the group continued in their letter. "The admitted overlap between the personnel and work of Cambridge Analytica and Data Propria raises serious concerns about Data Propria's practices regarding the collection and use of Americans' personal information."</p><p><strong>05/06/2018: SCL Elections ignores watchdog order to hand over user's data</strong></p><p>Cambridge Analytica has refused to comply with a deadline to hand over the data it holds on a US citizen, throwing a regulatory battle between itself and the Information Commissioner's Office (ICO) into "uncharted waters".</p><p>The ICO had given the now-defunct political consultancy firm until Monday to comply with a legal notice after Professor David Carroll filed a Subject Access Request (SAR) under the Data Protection Act 1998 to discover what information the company held on him.</p><p>But the organisation's data controller, SCL Elections, failed to respond to the ICO's enforcement order - with the UK data regulator now considering prosecution.</p><p>"We are looking at the apparent failure to comply with our Enforcement Notice by SCL Elections Limited and its directors," an ICO spokesperson told <em>IT Pro</em>. "A decision on options for next steps, including any decision on prosecution, will now be taken in line with the prosecutors code."</p><p>Despite being a US citizen, Professor Carroll launched a landmark test case in 2017 under UK data protection law, after learning that Cambridge Analytica had processed his personal data in the UK as part of its alleged profiling of US voters for work on the Trump presidential election campaign. His case, separately filed with the High Court, was backed by the ICO, with its outcome bearing implications for millions of Americans whose data had also been harvested by the company.</p><p>However, Cambridge Analytica did not recognise his right to submit a SAR as a non-UK citizen, and refused to provide the full extent of the data it held. Consequently the ICO last month issued a <a href="https://ico.org.uk/media/action-weve-taken/enforcement-notices/2258812/en-scl-elections-20180504.pdf" target="_blank">legal notice</a> for SCL Elections to comply in full - or face prosecution.</p><p>"My story is a peculiar example of how the typically American deference to the tech companies and a reluctance to consider comprehensive privacy rules contrasts with strong data protection regimes, enforced by a muscular regulator equipped with the necessary tools," said Carroll, giving evidence before the European Union's (EU) Civil Liberties, Justice and Home Affairs (LIBE) committee yesterday.</p><p>He revealed that Cambridge Analytica administrators had not yet provided the ICO with the login credentials to recover his data from its servers, which the regulator seized earlier this year as it investigates the use of data in political campaigns.</p><p>He later <a href="https://twitter.com/profcarroll/status/1003709748515082246" target="_blank">tweeted</a>: "The company did not respond to the @ICOnews Enforcement Order due today. We are now in uncharted waters."</p><p>Information commissioner Elizabeth Denham, also giving evidence before the LIBE committee, outlined the scale of the ICO's probe into the misuse of data in political campaigning, branding it the "largest investigation ever undertaken by a data protection authority".</p><p>Involving 40 full-time ICO staff as well as a further 20 external legal and forensic IT recovery experts, the enquiry is examining more than 30 separate organisations, and the actions of around a dozen individuals.</p><p>"We are investigating social media platforms, data brokers, analytics firms, political parties and campaign groups and academic institutions," <a href="https://ico.org.uk/media/about-the-ico/documents/2259093/ico-opening-remarks-ep-libe-facebook-cambridge-analytica-20180604.pdf" target="_blank">she told the committee</a>, adding: "We are looking at both regulatory and criminal breaches. We are working with other regulators, EU Data protection authorities and law enforcement in the UK and abroad."</p><p>Denham added the ICO has seized dozens of servers containing hundreds of terabytes of data from several searches, and has conducted dozens of interviews.</p><p>"We are looking at the complete range of sanctions at our disposal at this time including our new powers under the new UK Data Protection Act for no-notice inspections, quicker warrants, to compel delivery of evidence and to seal digital evidence where it cannot be immediately recovered," she continued.</p><p>Cambridge Analytica, which specialised in data analysis and strategic communication, shut down in early May, blaming "a siege of media coverage" that drove away its customers and suppliers, as it commenced parallel bankruptcy proceedings in the US.</p><p>"Over the past several months, Cambridge Analytica has been the subject of numerous unfounded accusations," the company said at the time, adding that despite trying to "correct the record" it has has been "vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising in both the political and commercial arenas".</p><p>The ICO has made clear that companies shutting themselves down must still comply with subject access requests like Professor Carroll's. The regulator will publish a report outlining the wider implications of its ongoing investigations before the end of June, which will include a series of recommendations on regulatory gaps in areas such as data protection.</p><p><em>Picture: Shutterstock</em></p><p><strong>08/05/2018: ICO orders firm to hand over data to US citizen</strong></p><p>The UK's data protection watchdog has served a <a href="https://ico.org.uk/media/action-weve-taken/enforcement-notices/2258812/en-scl-elections-20180504.pdf">legal notice</a> to Cambridge Analytica, ordering it to give a US academic all of the personal data it holds on him.</p><p>Professor David Carroll, who is based at the Parson School of Design in New York, had filed a Subject Access Request (SAR) under the terms of the <a href="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998" target="_blank" data-original-url="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998">Data Protection Act 1998</a> to Cambridge Analytica after the scandal broke that the data modelling company <a href="https://www.itpro.com/data-protection/30792/cambridge-analytica-facebook-scandal" target="_blank" data-original-url="https://www.itpro.com/data-protection/30792/cambridge-analytica-facebook-scandal">had allegedly amassed 240 million Americans' Facebook profile data</a>.</p><p>However, he only received information that showed how the company had scored him on certain political categories, such as gun control and national security, leading him he to believe the information was incomplete and launch legal action.</p><p>Cambridge Analytica's data controller is UK-based company SCL Elections, and Professor Carroll took his case to England's High Court, and also filed a complaint with the UK Information Commissioner's Office (ICO).</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on" data-original-url="/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on">Cambridge Analytica closes but ICO investigation rolls on</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" data-original-url="/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">Cambridge Analytica and Facebook: What happened and has it impacted any votes?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" data-original-url="/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">ICO investigating use of data in political campaigns</a></p></div></div><p>The ICO said that not only does it believe Cambridge Analytica held back information, but pointed out that the firm did not offer an adequate explanation of where it had obtained Professor Carroll's data, or how it would be used.</p><p>However, <a href="https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/ico-serves-enforcement-notice-on-scl-elections-ltd">in a statement</a>, information commissioner Elizabeth Denham, said that SCL Elections was unwilling to cooperate with its investigation over Professor Carroll's personal data.</p><p>"The company has consistently refused to cooperate with our investigation into this case and has refused to answer our specific enquiries in relation to the complainant's personal data - what they had, where they got it from and on what legal basis they held it," she said.</p><p>"The right to request personal data that an organisation holds about you is a cornerstone right in data protection law and it is important that Professor Carroll, and other members of the public, understand what personal data Cambridge Analytica held and how they analysed it."</p><p>The regulator's decision means potentially millions of US Facebook users whose data was harvested by Cambridge Analytica could make similar demands of the organisation.</p><p>Both Cambridge Analytica and SCL Elections have filed for insolvency after the Facebook data harvesting scandal and have questioned the ICO's jurisdiction given the data in question belongs to an American citizen, but the ICO doesn't agree and has warned the companies could face criminal charges for withholding the information.</p><p>"We are aware of recent media reports concerning Cambridge Analytica's future but whether or not the people behind the company decide to fold their operation, a continued refusal to engage with the ICO will potentially breach an Enforcement Notice and that then becomes a criminal matter," Denham added.</p><p>While Cambridge Analytica is closing, some of the people involved in the firm <a href="https://www.itpro.com/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on" target="_blank" data-original-url="https://www.itpro.com/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on">have started another venture called Emerdata</a>.</p><p><em>Picture: Shutterstock</em></p><p><strong>19/04/2018: Alexander Nix may face formal summons to Parliament</strong></p><p>Alexander Nix, the suspended CEO of Cambridge Analytica, may face an official summons to appear before the Digital, Cultural, Media and Sport Committee after refusing to attend voluntarily.</p><p>The committee wanted him to address inconsistencies in testimony he gave in February stating that Cambridge Analytica did not have or work with Facebook users' data. Shortly afterwards, <em>The Observer</em> revealed that Cambridge Analytica allegedly had access to tens of millions of Facebook profiles.</p><p>Nix's lawyers said on Tuesday, however, that Nix was "not able to give evidence tomorrow as a consequence of him having been served with an information notice and being subject of a criminal investigation by the Information Commissioner's Office".</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on" data-original-url="/data-mining/31053/cambridge-analytica-closes-but-ico-investigation-rolls-on">Cambridge Analytica closes but ICO investigation rolls on</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" data-original-url="/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">Cambridge Analytica and Facebook: What happened and has it impacted any votes?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" data-original-url="/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">ICO investigating use of data in political campaigns</a></p></div></div><p>In response, committee chairman Damian Collins said he may order Nix to give more evidence to the committee.</p><p>"It is certainly the intention of the committee to take this further and consider issuing a summons for Mr. Nix to appear on a named day at some point in the near future," said Collins, who <a href="https://www.theguardian.com/uk-news/2018/apr/17/cambridge-analytica-chief-alexander-nix-refuses-to-appear-before-fake-news-inquiry" target="_blank">warned Nix last month</a> on the severity of giving false statements to a select committee.</p><p>Though Nix did not appear, Cambridge Analytica whistleblower Brittainy Kaiser delivered written testimony and documents to the committee on Tuesday.</p><p>Kaiser wrote that Arron Banks of Leave.EU collected the personal data of people he sold car insurance to through his company GoSkippy, and that this data may have been used to target possible Brexit supporters.</p><p>"I do not believe Banks's written evidence to this inquiry is a full account of what happened," said Kaiser, submitting proposals for projects under Banks, along with supporting emails.</p><p>Cambridge Analytica also used quizzes to mine data on users, including a "sex compass" quiz, according to <a href="https://www.parliament.uk/documents/commons-committees/culture-media-and-sport/Brittany%20Kaiser%20Parliamentary%20testimony%20FINAL.pdf" target="_blank">Kaiser's testimony</a>.</p><p>"I do not know the specifics of these surveys or how the data was acquired or processed," said Kaiser.</p><p>She started the #OwnYourData campaign to push Mark Zuckerberg to change Facebook's terms of service so users get more rights over their own data. The campaign, which has 147,000 signatures, asks Zuckerberg to respond by the end of April. Facebook <a href="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk" target="_blank" data-original-url="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk">today introduced changes to its terms and conditions</a> that bring them in line with the EU's impending GDPR data protection legislation.</p><p><strong>12/04/2018: Zuckerberg claims ignorance about 'shadow profiles'</strong></p><p>Facebook founder Mark Zuckerberg was grilled by members of a US congressional committee over the social network's use of so-called "Shadow Profiles".</p><p>Shadow Profiles are said to be data collected by Facebook about non-users of the network, such as email addresses, names tagged in photos, or details in a smartphone contact list. This data is hidden from users but used to recommend friends and new connections as well as social data analysis. This data is not normally disclosed to account owners but is used in Facebook's "People You May Know" feature.</p><p>The existence of shadow profiles came to light in 2013 when a bug in Facebook showed not just contact details of a user's friend's in a download file but also their friend's shadow contact information.</p><p>At the hearing, of the US House Energy and Commerce Committee, New Mexico Representative Ben Lujan asked Zuckerberg about these profiles.</p><p>Zuckerberg replied that "in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to."</p><p>Zuckerberg denied he was familiar with the term "Shadow Profile". Lujan then asked how many data points on average Facebook collects on its users. Zuckerberg replied that he did not know.</p><p>Lujan then asked how many data points Facebook collected on non-users. Again, Zuckerberg said he did not know. Lujan then asked how someone who does not have a Facebook account opt out of Facebook's involuntary data collection?</p><p>The Facebook CEO responded that "anyone e can turn off and opt out of any data collection for ads, whether they use our services or not." He then suggested that Facebook still needed to collect non-user data for security reasons.</p><p>"In order to prevent people from scraping public information [...] we need to know when someone is repeatedly trying to access our services," he told the committee.</p><p>Lujan pointed out to Zuckerberg that non-users wanting to request what data it has on them need to go a Facebook page and sign up for an account to access their data.</p><p><strong>11/04/2018: Zuckerberg deflects US regulations in first Senate hearing</strong></p><p>Facebook CEO Mark Zuckerberg emerged relatively unscathed from the first of two US Senate hearings, managing to deflect attempts to enforce tougher regulations on the social media platform.</p><p>During a grilling by a joint committee of 44 US Senators, the 33-year-old internet mogul took full responsibility company failings that led to the improper sharing of data on approximately 87 million Facebook users, however, made no commitments to supporting any specific reactionary legislation drawn up by Congress.</p><p>Zuckerberg began with an opening speech that was released ahead of schedule, followed by a series of questions aimed at probing Facebook's business model and the events leading to the exploitation of the platform by Cambridge Analytica.</p><p>He admitted that the company had failed to audit the agreement drawn up with Cambridge Analytica, and said that it had become apparent that the firm had misled Facebook to exploit its algorithms.</p><p>He also conceded that following the discovery of the data breach in 2015, failing to notify both the Federal Trade Commission and the public immediately was a mistake, though he believed the case to be "closed" after dealing with the issue internally.</p><p>On the question of whether Zuckerberg would support the introduction of legislation Zuckerberg said:</p><p>"I'll have my team follow up with you so that way we can have this discussion across the different categories where I think this discussion needs to happen."</p><p>Shares in the company fell sharply on the news of the Cambridge Analytica scandal, however, investors were clearly happy with Zuckerberg's performance on Tuesday, as shares saw the single biggest daily jump in almost two years, up by 4.5%.</p><p>It could be argued that some Senators' questions failed to probe enough into the failings behind the scandal, as many were targeted at Facebook's business model or the way it currently manages data on the platform.</p><p>At one point, it appeared Zuckerberg was answering basic questions on how an internet company operates. Senator Orrin Hatch asked: "How do you sustain a business model in which users don't pay for your service?"</p><p>"Senator, we run ads," said Zuckerberg.</p><p>This was shortly followed by a question by Senator John Kennedy on whether the company would work on providing better ways for users to delete their data, only for Zuckerberg to highlight that such functions already exist.</p><p>It wasn't all smooth sailing for the CEO however. At around 2 hours into the hearing, Senator Lindsey Graham from South Carolina launched a barrage of questions on the subject of market monopolies and customer choice, frequently interrupting Zuckerberg before he could finish answering.</p><p>On the question of what competitors Facebook has, Zuckerberg attempted to offer up rival tech companies such as Google, Apple and Twitter, only for the Senator to dismiss them as he believes Facebook offers a unique service.</p><p>Graham: "I'm talking about is there real competition you face. Because car companies face a lot of competition. If they make a defective car, it gets out in the world, people stop buying that car, they buy another one. Is there an alternative to Facebook in the private sector?"</p><p>Zuckerberg: "Yes Senator, the average American uses 8 different apps...to communicate with their friends and stay in touch with people, ranging from text to email."</p><p>Graham: "OK, which is the same service that you provide."</p><p>Zuckerberg: "Well, we provide a number of different services."</p><p>Graham: "Is Twitter the same as what you do?"</p><p>Zuckerberg: "It overlaps with a portion of what we do."</p><p>Graham: "You don't think you have a monopoly?"</p><p>Zuckerberg responded with a pause, before adding that "it certainly doesn't feel like that to me!", prompting laughter from the chamber.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/983843066019753984"></a></p></blockquote><div class="see-more__filter"></div></div><p>While this moment was perhaps the toughest for Zuckerberg, other Senators were clearly displeased with his answers.</p><p>Writing on Twitter after the hearing, Senator Kamala Harris said: "Mark Zuckerberg's failure to answer several critical questions during his appearance before the Senate today leaves me concerned about how much Facebook values trust and transparency."</p><p>Tuesday's hearing was the first of two for Zuckerberg, who is also due to appear before the House Energy and Commerce Committee on Wednesday.</p><p>Speaking on Tuesday, Senator John Thune said a separate hearing would be held specifically on Cambridge Analytica, and other companies that may have been involved with the improper sharing of data on Facebook.</p><p><strong>10/04/2018: Zuckerberg apologises for data scandal ahead of Congress hearing</strong></p><p>Facebook CEO Mark Zuckerberg has apologised for failings in his company's data protection policies that led to 87 million users having their information improperly shared to third-parties, according to documents released yesterday ahead of his Congressional hearing on Tuesday.</p><p>Zuckerberg, who is due to appear before Congress to answer questions relating to improper data sharing deals on the social media site, also took responsibility for failing to stop the spread of fake news to influence public opinion.</p><p>"Facebook is an idealistic and optimistic company," said Zuckerberg, in a transcript compiled by <em><a href="https://www.cnbc.com/2018/04/09/congress-released-mark-zuckerbergs-prepared-testimony-ahead-of-wednesdays-hearing.html">CNBC</a></em>. "For most of our existence, we focused on all the good that connecting people can bring.</p><p>"But it's clear now that we didn't do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy."</p><p>"We didn't take a broad enough view of our responsibility, and that was a big mistake," he added. "It was my mistake, and I'm sorry. I started Facebook, I run it, and I'm responsible for what happens here."</p><p>In the documents released ahead of Tuesday's hearing, Zuckerberg said the company was committed to making changes to policy that would "significantly impact our profitability", but these would take some time to implement.</p><p>The scandal surrounding Facebook and its data policies show no sign of abating. Recent reports from New Zealand suggest that as many as 63,714 users could have had their information exposed to Cambridge Analytica's data harvesting, after only 10 people took part in an online personality quiz.</p><p>John Edwards, New Zealand's data protection commissioner, said he was urgently reviewing the case and would seek answers from Facebook on how the data was being used by Cambridge Analytica, according to the <a href="https://www.theguardian.com/technology/2018/apr/10/facebook-data-breach-hits-63714-new-zealanders-after-10-people-download-quiz"><em>Guardian</em></a>.</p><p>Edwards reportedly deleted his Facebook account upon hearing news of the incident and has said that New Zealanders should consider doing the same.</p><p>Apple's co-founder, Steve Wozniak, told <em><a href="https://www.usatoday.com/story/tech/2018/04/08/apple-co-founder-steve-wozniak-says-hes-leaving-facebook/497392002">USA Today</a></em> that he would also be deleting his Facebook account over concerns that the social media site was becoming increasingly careless with user data.</p><p>"Users provide every detail of their life to Facebook and ... Facebook makes a lot of advertising money off this," he said to the newspaper. "The profits are all based on the user's info, but the users get none of the profits back."</p><p>Zuckerberg will appear before a joint hearing of the US Senate Judiciary and Commerce committee on Tuesday 10 April at 2:15 pm ET (7.15pm BST), and again before the US House Energy and Commerce Committee on Wednesday at 10 am ET (3 am BST). Details on how to watch Tuesday's hearing <a href="https://www.itpro.com/data-protection/30907/mark-zuckerberg-at-congress-why-when-and-where-to-watch" data-original-url="https://www.itpro.com/data-protection/30907/mark-zuckerberg-at-congress-why-when-and-where-to-watch">can be found here</a>.</p><p><strong>06/04/2018: Sheryl Sandberg admits 'mistakes'</strong></p><p>Weeks after the Cambridge Analytica scandal first started making headlines, Facebook's chief operating officer (COO), Sheryl Sandberg, has finally broken her silence on the matter.</p><p>Speaking to the <em>Financial Times</em>, Sandberg admitted the company had underinvested in safety and security but added that this attitude was changing. Indeed, there has been a flurry of announcements this week from senior figures detailing changes that have been made to the way the company shares data and giving users more granular control over what data Facebook holds on them (read on below).</p><p>"We made mistakes and I own them and they are on me," <a href="https://www.ft.com/content/9e973ba4-3903-11e8-8eee-e06bde01c544">Sandberg told <em>the FT</em></a>, adding: "There are operational things that we need to change in this company and we are changing them ... We have to learn from our mistakes and we need to take action."</p><p>Although Facebook admitted earlier this week that around 87 million of its 2.2 billion users are thought to have had their data scraped by Cambridge Analytica, Sandberg said the company is in the dark as to what exactly was taken, because it can't undertake an internal probe until the one being conducted by the Information Commissioner's Office (ICO) in the UK is completed.</p><p>Sandberg also acknowledged that she and CEO Mark Zuckerberg should have spoken out on the matter sooner, but added that they "wanted to make sure [they] knew exactly what happened" before making any public statements.</p><p>She also claimed that Russian meddling in the US election in 2016 through disinformation and incendiary posts took the social platform's top executives by surprise.</p><p>"Things happened in 2016 which we were too slow to understand. Now we are following and investigating very thoroughly," she said.</p><p>Her comments come after Zuckerberg held a press Q&A in which he admitted the company hadn't done enough to ensure third-party apps were using people's data responsibly and in line with Facebook's terms and conditions.</p><p>"In retrospect, I think we clearly should have been doing more all along," he said.</p><p>Facebook yesterday revealed new measures <a href="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk" data-original-url="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk">to bring Facebook's data protection policies in line with the EU's tougher rules</a> coming into force next month, including making the policy easier to understand, and explaining how and why Facebook uses people's information.</p><p><strong>05/04/2018: Facebook admits it 'could have done more' to scrutinise third-party apps</strong></p><p>Mark Zuckerberg has admitted that Facebook "should have been doing more" to ensure third-party companies were using the social network's data responsibly, as revised figures suggest as many as 87 million users may have been affected by the Cambridge Analytica scandal.</p><p>The admission came as Facebook's chief faced a grilling from the press over the company's data protection practices and how much it scrutinised those services accessing social media data.</p><p>"In retrospect, I think we clearly should have been doing more all along," said Zuckerberg, speaking at the conference on Wednesday. "I'm not trying to defend this now: I think our view in a number of aspects of our relationship with people is that our job is to give them tools, and that it was largely people's responsibility how they chose to use them.</p><p>"I think it was wrong in retrospect to have that limited of a view," he added. "I think we need to take a broader view of our responsibility."</p><p>Facebook now believes as many as 87 million users may have had their data improperly shared with Cambridge Analytica as a result of past policies, some 37 million more than previously thought.</p><p>"We wanted to take a broad view that is a conservative estimate," said Zuckerberg. "I am quite confident that given our analysis that it is not more than 87 million. It very well could be less, but we wanted to put out the maximum we felt that it could be as that analysis says."</p><p>In response to concerns about its data protection policies, Facebook has said it now intends to roll out <a href="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk" data-original-url="https://www.itpro.com/data-protection/28029/latest-gdpr-news-uk">EU General Data Protection Regulations worldwide</a>, dismissing <a href="https://www.theguardian.com/technology/2018/apr/04/facebook-gdpr-stronger-privacy-protections-eu-data-protection-law-mark-zuckerberg">earlier reports</a> that the measures would be diluted for US users.</p><p>Facebook also announced a string of updates to its API that aim to restrict the access third-parties have to user data. This includes a new App Controls link at the top of a user's news feed that gives an overview of the data they're sharing with third-party applications. As part of this addition, Facebook will also be telling users if their data had been improperly shared with Cambridge Analytica.</p><p>From now on, if a user allows an app to access data on the events they're attending, that app will no longer have free reign to scrape information from the list of users also interested in the event.</p><p>Apps will also no longer be able to use the Pages API to access posts or comments on any page by default, and instead only those "providing useful services to our community" will be able to petition Facebook for approval.</p><p>The ways in which Facebook groups work are also changing. Instead of a single member being able to give permission for an app to access group content, any third-parties using the API will need to be approved by Facebook first.</p><p>The ability to search for a person using their phone number or email address has also been scrapped, after it was found that the feature was being abused to harvest profile data, and any application seeking to access a user's feed, including likes, posts and photos, will need to first ask Facebook.</p><p>Last week it was revealed that Facebook had been storing user call and text histories as part of an opt-in feature on the Android version of Facebook. Although it appears the company will still maintain this practice, Facebook has said it will review the data it collects to ensure no message content is stored, and that it will delete all logs older than one year. Broader data, such as the time of calls, will now no longer be collected.</p><p>Zuckerberg revealed that his company had opened an investigation into the data Cambridge Analytica data agreement, as it still doesn't know exactly what information the firm held on its systems. However, this has since been put on hold while the UK's Information Commissioner's Office conducts its own investigation, which includes the examination of files taken during a raid on Cambridge Analytica's London headquarters in March.</p><p>Zuckerberg is <a href="https://www.itpro.com/data-protection/30842/facebook-data-privacy-scandal" data-original-url="https://www.itpro.com/data-protection/30842/facebook-data-privacy-scandal">due to appear before Congress next week</a> to defend company policies, having already refused to testify before a UK parliamentary committee.</p><p><strong>26/03/2018: Cambridge Analytica: Watchdog examines 'evidence' after London office raid</strong></p><p>The UK's data watchdog raided Cambridge Analytica's London headquarters on Friday evening after finally getting a search warrant approved by a High Court judge.</p><p>Twenty officials from the Information Commissioner's Office entered the Oxford Street address at 8pm to look for evidence relating to allegations the analytics firm harvested data from 50 million Facebook users without their consent.</p><p>The property search lasted seven hours, and an undisclosed volume of evidence was taken from the property, the ICO said.</p><p>"We will now need to assess and consider the evidence before deciding the next steps and coming to any conclusions," an ICO spokesperson <a href="https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/03/ico-statement-investigation-into-data-analytics-for-political-purposes">said in a statement</a>. "This is one part of <a href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" data-original-url="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">a larger investigation by the ICO</a> into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors."</p><p>The ICO announced it was investigating the allegations against Cambridge Analytica on 17 March, and issued a Demand for Access to records two days later. However, the judge adjourned the case from last Wednesday to last Friday, meaning a warrant wasn't granted until late that evening. Media reports showed pictures of boxes being carried out of Cambridge Analytica's shared offices prior to the warrant hearings.</p><p>The search forms part of wider public scrutiny into whether Facebook did enough to secure the data it held on its users, as well as whether data was abused to influence elections.</p><p>A former Cambridge Analytica director told the <a href="https://www.theguardian.com/news/2018/mar/23/cambridge-analytica-misled-mps-over-work-for-leave-eu-says-ex-director-brittany-kaiser"><em>Guardian</em></a> on Friday that the firm's management deliberately misled the British public about its involvement with a pro-Brexit group, Leave.EU, during the referendum campaign period.</p><p>In an attempt to mitigate fallout, Facebook took out full-page adverts in both UK and US newspapers over the weekend, in which CEO Mark Zuckerberg said the incident was a "breach of trust" and said he was "sorry we didn't do more at the time".</p><p>His comments were later echoed by COO Sheryl Sandberg, who told <em>CNBC</em> on Friday that the case "was a critical moment for our company". "We are going to do everything we can," added Sandberg. "I would definitely have had Mark and myself out speaking earlier, but we were trying to get to the bottom of this."</p><p>Friday's raid kicked off a turbulent weekend for the social media company, which saw scathing opinion polls and fresh revelations of data misuse.</p><p>A <em><a href="https://www.reuters.com/article/us-facebook-cambridge-analytica-apology/americans-less-likely-to-trust-facebook-than-rivals-on-personal-data-idUSKBN1H10AF">Reuters</a></em> poll in the US found that less than half of Americans now trust Facebook to adhere to US privacy laws, while 60% of users in Germany believe social networks are negatively impacting the democratic process, according to national newspaper <em>Bild am Sonntag</em>.</p><p>There were also multiple reports of users downloading their account files stored on Facebook's website, only to discover that call data from mobile phones was also being logged, including who they called and for how long, seemingly without their knowledge.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/977325434030428160"></a></p></blockquote><div class="see-more__filter"></div></div><p>Facebook has <a href="https://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history">since refuted the claim</a> that this was done secretly, pointing to a usage agreement as part of its Messenger platform that allows users to opt-in to call and text history logging.</p><p>Zuckerberg has now been called to appear before a UK parliamentary committee to give evidence on the Cambridge Analytica's use of personal data. The committee has demanded a response by the end of today.</p><p><strong>22/03/2018: ICO must wait for warrant</strong></p><p>UK data watchdog the Information Commissioner's Office (ICO) will not get access to Cambridge Analytica's London offices until Friday at the earliest, after its demand for a warrant to search the premises was adjourned.</p><p>In a statement today, an ICO spokesperson said: "A High Court judge has adjourned the ICO's application for a warrant relating to Cambridge Analytica until Friday. The ICO will be in court to continue to pursue the warrant to obtain access to data and information to take forward our investigation."</p><p>While <em>IT Pro</em> asked the regulator why it was adjourned, a spokesperson declined to comment further. However, <em>Guardian</em> journalist Carole Cadwalladr reported that the judge granted an extension because Cambridge Analytica's legal counsel was unavailable.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/976811145792237568"></a></p></blockquote><div class="see-more__filter"></div></div><p>It means the ICO's planned raid of Cambridge Analytica's offices is further delayed, despite reports earlier this week claiming <a href="https://www.theguardian.com/uk-news/2018/mar/22/cambridge-analytica-warrant-high-court-adjourns-hearing-information-commissioner">boxes were being removed from the firm's shared premises on Tuesday</a>.</p><p>Meanwhile, Facebook CEO Mark Zuckerberg has finally broken his silence over allegations that Cambridge Analytica accessed the data of 50 million Facebook users without their consent, seeking to reassure users that a similar abuse of people's information could never happen again.</p><p>The scandal, which broke earlier this week, surrounds the use of a quiz developed for data mining and an analytics firm that harvested the data not just of those who used the app (thisisyourdigitallife), but also of all their Facebook friends.</p><p>Several days after the story first broke, Zuckerberg finally issued an official response through Facebook, which includes a timeline of events and an explanation of how an app could have accessed data from individuals who didn't have any direct contact with it.</p><p>The Facebook CEO said: "The good news is that the most important actions to prevent this from happening again today we have already taken years ago.</p><p>"In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like [thisisyourdigitallife] could no longer ask for data about a person's friends unless their friends had also authorized the app.</p><p>"We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app ... from being able to access so much data today."</p><p>However, he added that the company is taking further steps to tighten up how it guards user data, including revoking apps' access where users haven't used them for three months, and reducing the data first given to apps on sign in to just the user's name, profile picture and email address.</p><p>This is particularly significant as part of the broad range of data collected by Cambridge Analytica included very sensitive data such as sexuality, location, religion and political leanings, and apps could access this data indefinitely.</p><p>Zuckerberg also claimed that Cambridge Analytica has once again affirmed that it has deleted all the data linked to this case something it previously said it had done in 2015, but which an Observer article subsequently contradicted with the account of former employee and whistleblower Christopher Wylie.</p><p>Cambridge Analytica has voluntarily agreed to a full forensic audit to ensure this is the case, Zuckerberg added.</p><p>Meanwhile, Wylie, the ex-director of research at Cambridge Analytica who blew the whistle on this scandal, took to Twitter to confirm he would be accepting invitations to testify in front of several legislative bodies in the US and UK.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/976594279425630209"></a></p></blockquote><div class="see-more__filter"></div></div><p><strong>20/03/2018: ICO seeks warrant to raid London offices</strong></p><p>The UK's data privacy watchdog is seeking a warrant to raid Cambridge Analytica's London headquarters in order to investigate allegations that the company illegally harvested the information of 50 million Facebook profiles.</p><p>The Information Commissioner's Office (ICO) confirmed to <em>IT Pro</em> this morning that it is seeking an urgent warrant following the company's failure to comply with its request on 7 March for access to its databases and records.</p><p>"Cambridge Analytica has not responded to the commissioner by the deadline provided; therefore, the information commissioner is seeking a warrant to obtain information and access to systems and evidence related to her investigation," an ICO spokesman said.</p><p>The news follows an expos by <em><a href="https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election">the Observer</a> </em>that claimed Cambridge Analytica had used the Facebook data of more than 50 million people in order to build a powerful predictive analytics algorithm that could accurately predict political preferences, sexuality and other personal traits.</p><p>It has also emerged that Facebook was in the process of conducting its own internal investigation into Cambridge Analytica's actions separately to the ICO, which it ceased yesterday at the regulator's behest. Damian Collins, chair of the culture select committee, expressed doubt as to Facebook's motives in conducting its own investigation, telling the <em>BBC</em> that "This is a matter for the authorities".</p><p>"The concern would have been, were they removing information or evidence which could have been vital to the investigation? It's right they stood down but it's astonishing they were there in the first place."</p><p>Facebook is planning an open meeting today, to let staff grill the company's management on the unfolding incident. According to <a href="https://www.theverge.com/2018/3/20/17142074/facebook-employee-meeting-cambridge-analytica"><em>the Verge</em></a>, the meeting will be led by Facebook deputy general counsel Paul Grewal, who will give staff background information on the case and field questions from staff.</p><p>It will mark the first time that staff have had an official opportunity to ask questions of the company's leadership since the scope of Cambridge Analytica's use of Facebook data was publicly revealed - although Facebook has admitted it was aware of the issue in 2015, a year after it happened.</p><p>The meeting is planned to last just half an hour, and an employee told the <em>Verge</em> that the move felt like a temporary solution to buy time until Friday's all-hands meeting where founder and CEO Mark Zuckerberg - who has thus far been silent on the issue - is expected to address employees. Collins has called on Zuckerberg or a senior Facebook executive to give evidence to his Parliamentary committee on the scandal.</p><p><strong><em>To understand what the Cambridge Analytica and Facebook scandal is all about, read <a href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" data-original-url="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">our explainer</a>.</em></strong></p><p>Facebook maintains that this is not a data breach in the traditional sense, and is instead a misuse of legitimately-obtained data. Security expert Graham Cluley agreed with the assessment, but said it shows fundamental issues with Facebook's design. "From Facebook's point of view, it's not a traditional data breach," he told <em>IT Pro</em>. "That's because this is how Facebook was designed, and many apps over the years have scooped up users' information and (privacy settings permitting) those of their friends as well."</p><p>"Hundreds of millions of times every day Facebook hones the content it displays to you based on what it has determined you are interested in, who you are, and what it thinks will be most effective. So, it's not that different from what Cambridge Analytica does with the same access to the data," he added.</p><p>"None of this is news. Facebook has been working this way for years. The only way to reduce your exposure is to refuse to play Facebook's game and not be a member of the site. If you can't bring yourself to leave, at the very least lock down your privacy settings and reduce the level of information that you share."</p><p>Cambridge Analytica's CEO, Alexander Nix, was also caught in an undercover sting by Channel 4, which recorded Nix seemingly bragging about using ex-intelligence operatives, micro-targeted propaganda and 'honeypot' traps to influence elections and other political proceedings.</p><p>"We're used to operating through different vehicles, in the shadows, and I look forward to building a very long-term and secretive relationship with you," Nix told undercover reporters posing as potential clients in an initial phone call.</p><p>"We have two projects at the moment, which involve doing deep, deep depth research on the opposition and providing... really damaging source material, that we can decide how to deploy in the course of the campaign," he said as part of a later meeting recorded by Channel 4.</p><p>Cambridge Analytica denied that it uses any of the methods alleged by the investigation, and stated that it was simply 'humouring' the potential client.</p><p><strong>19/03/2018: Millions of Facebook profiles 'mined illegally' by Cambridge Analytica</strong></p><p>The personal data of 50 million Facebook users was leaked to a data analytics firm and used to help Donald Trump win the 2016 US presidential election, it has been claimed.</p><p>Cambridge Analytica used this information to build sophisticated software models in 2014 to target US voters with political advertising, according to a whistleblower who said he helped collect the data.</p><p>Facebook, which denied the incident amounted to a data breach, confirmed it knew about it in 2015 but didn't inform affected individuals or data protection regulators.</p><p>Whistleblower Christopher Wylie said he worked with a Cambridge University academic to collect user data via a third-party Facebook app called thisisyourdigitallife.</p><p>Aleksandr Kogan created the app through his company Global Science Research (GSR) and worked with Cambridge Analytica to pay 270,000 Facebook users to take part in a personality test. They also agreed to have their data, such as their home city and Facebook 'likes', collected for academic use.</p><p>But then-Analytica employee Wylie told the <a href="https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election"><em>Observer</em></a>, which broke the story, that the app also collected data belonging to Facebook friends of the users who signed up to the quiz, producing a pool of data of tens of millions of people.</p><p>"We exploited Facebook to harvest millions of people's profiles," Wylie told the newspaper. "And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."</p><p>Cambridge Analytica claimed it had deleted all the data shared by GSR when it discovered this information was collected in breach of Facebook's terms of service and had no reason to believe the data was obtained illegally.</p><p>"In 2014, we contracted a company led by a seemingly reputable academic at an internationally-renowned institution to undertake a large scale research project in the United States," its statement read.</p><p>"No data from GSR was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign."</p><p>On the eve of the story breaking, Facebook said it has banned Cambridge Analytica from its platform.</p><p>In explaining its decision, Facebook said that while Kogan obtained people's data legitimately, by then sharing that information with Cambridge Analytica he had "lied" to the company and broken platform rules about not sharing such information with third-parties. Kogan maintains he acted legally and had a "close working relationship" with Facebook, the <em>Guardian</em> reports.</p><p>Facebook learned of this violation in 2015 and subsequently removed the app from its platform. It also "demanded certifications" from Kogan, Wylie and Cambridge Analytica that they had deleted the data.</p><p>However, while Wylie said he received a letter from Facebook lawyers in August 2016 to this effect, he claimed they never followed up to verify the data was deleted.</p><p>"That to me was the most astonishing thing," he said. "They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."</p><p>The social network also failed to report the leak of data to the affected users or to US state regulators, because it claimed the event was not a data breach.</p><p>Facebook said: "Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims.</p><p>"If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information."</p><p>UK data protection regulator the Information Commissioner's Office <a href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" data-original-url="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">is already conducting an investigation into the use of personal data in political campaigns</a> and confirmed it's looking into this incident as part of the investigation.</p><p>"Our investigation into the use of personal data for political campaigns, includes the acquisition and use of Facebook data by SCL [Strategic Communication Laboratories, which is affiliated with Cambridge Analytica], Doctor Kogan and Cambridge Analytica," said information commissioner Elizabeth Denham.</p><p>"This is a complex and far-reaching investigation for my office and any criminal or civil enforcement actions arising from it will be pursued vigorously."</p><p>Damian Collins MP, chair of the Digital, Culture, Media and Sport Committee, accused Cambridge Analytica CEO Alexander Nix of misleading the committee when he told the committee while giving evidence last month that his firm had not received any data from GSR.</p><p>Collins said: "It seems clear that he has deliberately mislead (sic) the committee and Parliament by giving false statements. We will be contacting Alexander Nix next week asking him to explain his comments, and answer further questions relating to the links between GSR and Cambridge Analytica, and its associate companies."</p><p>The committee will also demand that Facebook CEO Mark Zuckerberg, or someone similarly senior, attends the committee to answer questions about the incident.</p><p><em>Main image credit: Shutterstock</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ CEBIT 2018: Huawei to bring 5G to German smart city project ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/smart-city/31283/cebit-2018-huawei-to-bring-5g-to-german-smart-city-project</link>
                                                                            <description>
                            <![CDATA[ Chinese giant hopes Duisberg pilot will see it build more smart cities across Europe ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aKR11zgSGZG42gmt1FkT4B</guid>
                                                                                                                            <pubDate>Tue, 12 Jun 2018 20:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                                        <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Huawei hopes plans to digitise a German city will serve as a model that can be replicated across the whole of western Europe, with the launch of its Rhine Cloud platform to build smart city applications.</p><p>Duisburg, in west Germany, has partnered with Huawei and a Germany-based technology subsidiary DU-IT to digitise its infrastructure after signing a framework agreement at CEBIT 2018. This follows a Memorandum of Understanding (MoU) signed in January.</p><p>The region's citizens should expect the digitisation to manifest as more frequent Wi-Fi hotspots, intelligent learning tools, and in traffic management, among other innovations, with Rhine Cloud - Huawei's smart city and public services cloud platform - giving support to other providers to introduce digital applications.</p><p>"Earlier this year, we signed an MoU with the Mayor of Duisburg, aiming to build a fully-connected and digital city to boost the economy, and to build a better, intelligent city - improveing the living qualities of the citizens," said president of Huawei for western Europe, Vincent Pang.</p><p>"With Huawei's cutting-edge technology, we are confident with the cooperation of Duisburg this will become a big milestone for digital transformation in smart cities."</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/machine-learning/31276/mayor-of-london-hails-capitals-ai-firms-as-he-reveals-smart-city-roadmap" data-original-url="/machine-learning/31276/mayor-of-london-hails-capitals-ai-firms-as-he-reveals-smart-city-roadmap">Mayor of London hails capital's AI firms as he reveals smart city roadmap</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/31280/cebit-2018-huawei-launches-hybrid-cloud-offering-on-azure-stack" data-original-url="/network-internet/31280/cebit-2018-huawei-launches-hybrid-cloud-offering-on-azure-stack">CEBIT 2018: Huawei launches hybrid cloud offering on Azure Stack</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/big-data/30541/smart-cities-to-become-the-norm-by-2025" data-original-url="/big-data/30541/smart-cities-to-become-the-norm-by-2025">Smart cities to become the norm by 2025</a></p></div></div><p>Huawei said its smart city services feature in more than 120 cities across the world, with its aims to digitise Duisburg, which is home to half a million people, being lined up as a test run for expanding its smart city services in towns across Europe.</p><p>"The parties have signed an MoU a couple of months back, and adhere to use the cutting-edge technologies of Huawei to digitalise and modernise Duisburg, and make it an ICT project for the whole of the western European area," said Martin Murrack, Duisburg's head of digitisation, outlining why his city is an ideal candidate for the project.</p><p>"We're expecting Huawei to contribute its 5G and cable-less broadband to the project," he continued, adding that he hopes the project will "improve the quality of life for our citizens as well as boosting our economy".</p><p>The first application that takes advantage of Rhine Cloud is a digital twinning project demonstrated by NavVis, which hopes to digitally replicate physical spaces such as museums, with highly-detailed indoor mapping, and a series of advanced features, such as annotations.</p><p>The Munich-based company demonstrated the technology in a fully-immersive guided tour of Duisburg's Stadthistorisches Museum, but Dr Felix Reinshagen, NavVis CEO, added that this technology could be applied to a host of other public service needs, such as helping search and rescue efforts following disasters.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ MPs urged to reject migrant clause in Data Protection Bill debate ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-protection/31077/mps-urged-to-reject-migrant-clause-in-data-protection-bill-debate</link>
                                                                            <description>
                            <![CDATA[ The bill faces its last Commons reading today, with activists set to seek a judicial review if amendment remains ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">s6QmjXrtc7qgiuh4Zi8h5A</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rZxLohFtuFWKTzUCZsGfPg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 May 2018 09:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Bobby Hellard ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/bsR2tHSyVKUoyXZF5pNsDA.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rZxLohFtuFWKTzUCZsGfPg-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rZxLohFtuFWKTzUCZsGfPg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The government faces the threat of a judicial review if it doesn't scrap a clause from the Data Protection Bill that will deny three million EU citizens access to their Home Office records, privacy activists warned today.</p><p>The bill, which aims to incorporate the EU's <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a> into UK law, is being debated in the House of Commons today, where the Open Rights Group and the3million, a grassroots organisation representing the EU citizens resident in the UK, hope the amendment will be thrown out.</p><p>If it isn't, the groups have repeated <a href="https://www.itpro.com/data-protection/30689/government-will-create-a-two-tier-data-protection-system-campaigners-warn" target="_blank" data-original-url="https://www.itpro.com/data-protection/30689/government-will-create-a-two-tier-data-protection-system-campaigners-warn">their warning that they will seek a judicial review</a>, arguing that the clause, which denies immigrants access to data that public bodies deem is relevant to "effective immigration control", is unlawful and contradictory to the bill.</p><p>"The Data Protection Bill is supposed to be about giving people greater control over their data, but it contains an exemption for immigration cases that does exactly the opposite," said Nicolas Hatton, co-founder of the3million argues is unlawful and contradictory to the bill.</p><p>"Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why the3million support removing this shocking exemption."</p><p>Such a clause, opponents fear, would mean immigrants wouldn't be able to question the Home Office's case for deporting them, leaving them unable to defend their right to remain in the UK.</p><p>But the Open Rights Group and the3million are asking for support to fund their legal challenge.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/30689/government-will-create-a-two-tier-data-protection-system-campaigners-warn" data-original-url="/data-protection/30689/government-will-create-a-two-tier-data-protection-system-campaigners-warn">Government will create 'a two-tier data protection system', campaigners warn</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/29477/uk-moves-to-mirror-gdpr-with-data-protection-bill" data-original-url="/data-protection/29477/uk-moves-to-mirror-gdpr-with-data-protection-bill">UK moves to mirror GDPR with Data Protection Bill</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998" data-original-url="/data-protection/28085/what-is-the-data-protection-act-1998">What is the Data Protection Act 1998?</a> General Data Protection Regulation (GDPR)</p></div></div><p>The bill faces its third reading in the House of Commons today, the final chance for MPs to debate its contents.</p><p>If the exemption remains, the Open Rights Group warned it could affect those seeking refuge in the UK, those affected by the Windrush scandal and the three million EU citizens who will have to submit their applications for a new immigration status after Brexit.</p><p>Jim Killock, executive director of Open Rights Group, claimed the government could use the exemption to cover up mistakes with immigration and deportation.</p><p>"People will need their personal records to prove that they are entitled to live in the UK. This is a matter of natural justice," he said.</p><p>"Using medical and educational records to trawl for potential suspects is equally worrying, as the government seeks to surveil the population in every way it finds convenient. Mistakes will be made, and lives disrupted or worse."</p><p>Other amendments to the bill that MPs will debate include one that would establish a "Leveson two" inquiry into the misuse of personal data by the media. English media organisations that refuse to sign up to an officially recognised regulator - the only current one is Impress - could face punitive legal costs.</p><p>A related amendment tabled by the Labour MPs Tom Watson and Liam Byrne proposes to force publishers that haven't signed up to the regulator to pay the legal costs of claimants who make legal proceedings against a news outlet, even if the publisher wins the case.</p><p>Their proposal has prompted a robust response from media outlets, such as the <em>Guardian</em>, whose owner,Guardian News & Media, has written to all MPs warning that the proposed amendment on section 40 would "further erode press freedom and have a severe chilling effect".</p><p><em>Picture: Shutterstock</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Facebook is one of 30 organisations in ICO's sights ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/information-commissioner/30900/facebook-is-one-of-30-organisations-in-icos-sights</link>
                                                                            <description>
                            <![CDATA[ UK data regulator reveals scope of investigation into how data is used in political campaigns ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fK86NEFpomdr2RwojHjSAi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kZXRa4kmeTPdGw8M6gk3RK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 09 Apr 2018 07:53:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kZXRa4kmeTPdGw8M6gk3RK-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Profile photograph of the Information Commissioner Elizabeth Denham]]></media:description>                                                            <media:text><![CDATA[Profile photograph of the Information Commissioner Elizabeth Denham]]></media:text>
                                <media:title type="plain"><![CDATA[Profile photograph of the Information Commissioner Elizabeth Denham]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kZXRa4kmeTPdGw8M6gk3RK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK's data protection watchdog has confirmed Facebook is one of 30 organisations it is investigating over the use of personal data in political campaigns.</p><p>The Information Commissioner's Office (ICO) announced the scale of its probe into the use of personal data and analytics in the UK by political campaigns, parties, social media companies and commercial powers, following news that political consulting firm Cambridge Analytica <a href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" target="_blank" data-original-url="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">allegedly took 50 million Facebook users' profiles without their consent</a> to help President Trump win the 2016 US election.</p><p>Information commissioner Elizabeth Denham said: "The ICO is looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica.</p><p>"We are also <a href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" target="_blank" data-original-url="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">conducting a broader investigation</a> into how social media platforms were used in political campaigning."</p><p>She added: "This is an important time for privacy rights. Transparency and accountability must be considered, otherwise it will be impossible to rebuild trust in the way that personal information is obtained, used and shared online."</p><p>In addition to public policy recommendations, the investigation may lead to enforcement action, with the ICO retaining the power to issue fines, conduct an audit, serve an enforcement notice for organisations to take action, or even prosecute organisations for failure to comply with previous enforcement notices.</p><p>Denham noted that while she welcomed changes Facebook has made to its policy around third-party access to people's data, it is too early to assess whether they sufficiently comply with the law.</p><p>Details on the terms and scope of the investigation expands on the ICO's initial announcement of the investigation in May 2017 to examine whether <a href="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns" target="_blank" data-original-url="https://www.itpro.com/strategy/28683/ico-investigating-use-of-data-in-political-campaigns">whether political groups were using analytics in a way that breached data protection laws</a>.</p><p>At the Data Protection Practitioners' Conference over the weekend, Denham told delegates: "Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent. Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.</p><p>"The dramatic revelations of the last few weeks can be seen as a game changer in data protection. Suddenly, everyone is paying attention."</p><p>Meanwhile, senior figures linked with the Cambridge Analytica scandal have been summoned to appear before a House of Commons inquiry into fake news and misinformation.</p><p>Brittany Kaiser, former director of program development at Cambridge Analytica, will be interviewed by the Digital, Culture, Media and Sport Select Committee on 17 April, followed by Alexander Nix, its former CEO, on 18 April.</p><p>Meanwhile Mike Schroepfer, Facebook CTO, will appear before the House of Commons inquiry on April 26, while Mark Zuckerberg is <a href="https://www.itpro.com/data-protection/30842/facebook-data-privacy-scandal" target="_blank" data-original-url="https://www.itpro.com/data-protection/30842/facebook-data-privacy-scandal">set to appear before Congress next Wednesday</a>.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes" data-original-url="/data-insights/30795/cambridge-analytica-and-facebook-what-happened-and-has-it-impacted-any-votes">Cambridge Analytica and Facebook: What happened and has it impacted any votes?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/policy-legislation/30887/why-cambridge-analytica-could-be-this-decades-enron" data-original-url="/policy-legislation/30887/why-cambridge-analytica-could-be-this-decades-enron">Why Cambridge Analytica could be this decade's Enron</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/30842/facebook-data-privacy-scandal" data-original-url="/data-protection/30842/facebook-data-privacy-scandal">Zuckerberg to appear before Congress next week</a></p></div></div><p>Damian Collins MP, chair of the DCMS committee, last month called for more powers to be handed to the ICO to investigate data breaches.</p><p>Writing in the <a href="https://www.standard.co.uk/comment/comment/give-the-commissioner-more-power-now-to-investigate-data-companies-a3799101.html" target="_blank"><em>Evening Standard</em></a>, he said: "The serious questions that result from the investigations of the past week require us to change our approach to the use of personal data in communications and election campaigns.</p><p>"Clearly, the information commissioner needs more powers to check that tech companies are complying with the data protection law. This should include the immediate power to go into tech firms when necessary to review their systems to make sure our data is safe. We can't just take their word for it: someone has to have the power to look behind the curtain to see what they are doing."</p><p>Parties at the centre of the scandal have in recent days been coming to terms with their own shortcomings, in a bid to address criticism moving forward.</p><p>Facebook announced last week that it is <a href="https://t.co/oWj8uqds80" target="_blank">turning off the ability</a> to search for people using phone numbers and emails because most of its more than two billion users may have been at the mercy of "malicious actors" scraping their public profiles this way.</p><p>Meanwhile Sheryl Sandberg, Facebook's COO, <a href="https://www.itpro.com/data-protection/30792/cambridge-analytica-facebook-scandal" target="_blank" data-original-url="https://www.itpro.com/data-protection/30792/cambridge-analytica-facebook-scandal">finally broke her silence in an interview</a> with the <em>Financial Times</em>, admitting the company had underinvested in safety and security measures, but insisted operational attitudes were changing.</p><p><em>Picture credit: Information Commissioner's Office</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ CLOUD Act ends Microsoft's US data privacy dispute ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-governance/30886/cloud-act-ends-microsofts-us-data-privacy-dispute</link>
                                                                            <description>
                            <![CDATA[ DoJ and Redmond giant ask Supreme Court to dismiss Irish data centre case ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gffSHtEcEmEjQwztRJDa4o</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NhX3bfXUVhu2fHBUENYf5D-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 04 Apr 2018 11:12:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NhX3bfXUVhu2fHBUENYf5D-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft sign outside building]]></media:description>                                                            <media:text><![CDATA[Microsoft sign outside building]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft sign outside building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NhX3bfXUVhu2fHBUENYf5D-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A long-running court battle between Microsoft and the US government over data sovereignty appears to be drawing to a close, with both sides calling for the dismissal of the case in light of a new law.</p><p>The case, which has been ongoing since 2013, centres around a number of emails stored in Microsoft's Dublin data centre related to a criminal investigation into alleged drug trafficking. Redmond has repeatedly refused to comply with a warrant to hand over the emails to US law enforcement agencies, arguing that as the information is stored outside of the country it doesn't fall under the jurisdiction of American authorities.</p><p>Prosecutors in the case have countered by saying that because the data is held by an American entity - i.e. Microsoft - it falls under American jurisdiction, basing their arguments on the US Stored Communications Act from 1986.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/30125/eu-intervenes-in-microsoft-and-uss-data-privacy-battle" data-original-url="/data-protection/30125/eu-intervenes-in-microsoft-and-uss-data-privacy-battle">EU intervenes in Microsoft and US's data privacy battle</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/26364/microsoft-vs-doj-redmond-giant-sues-us-department-of-justice-for-greater-transparency" data-original-url="/security/26364/microsoft-vs-doj-redmond-giant-sues-us-department-of-justice-for-greater-transparency">Microsoft vs DoJ: Redmond giant sues US Department of Justice for greater transparency</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/23102/microsoft-in-contempt-of-court-for-not-handing-over-dublin-email-details" data-original-url="/security/23102/microsoft-in-contempt-of-court-for-not-handing-over-dublin-email-details">Microsoft in contempt of court for not handing over Dublin email details</a></p></div></div><p>Over the course of the past five years, the case has been fought all the way up to the US Supreme Court and attracted interventions and amicus briefs from the likes of Apple, Cisco, AT&T and, most recently, <a href="http://www.cloudpro.co.uk/leadership/7230/eu-intervenes-in-microsoft-and-uss-data-privacy-battle" target="_blank">the European Union</a>.</p><p>It now seems, however, that this bitterly fought battle is coming to an end - for now, at least.</p><p>The US Department of Justice (DoJ) has requested the case be dismissed, <a href="https://uk.reuters.com/article/us-usa-court-microsoft/microsoft-calls-for-dismissal-of-u-s-supreme-court-privacy-fight-idUKKCN1HA2KH" target="_blank">according to <em>Reuters</em></a>, with Microsoft backing the call, despite the two presenting arguments to the Supreme Court justices as recently as 27 February.</p><p>The reason for the about turn is a new piece of legislation signed into effect by US president Donald Trump on 22 March, which both sides say effectively resolves the dispute. The CLOUD (Clarifying Lawful Overseas Use of Data) Act states that US law enforcement agencies have the right to issue and enforce warrants relating to data held by American companies abroad, although there is also recourse to object if the order is in conflict with foreign laws.</p><p>In the filing, Microsoft's lawyers said: "Microsoft agrees with the government that there is no longer a live case or controversy between the parties with respect to the question presented."</p><p>While it may be the end of this particular case, this isn't necessarily the end of the story completely. The DoJ has acquired a new warrant for the data governed by the new law, which means there's still opportunity for Microsoft to object and, indeed, for the whole cycle to start again.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple pays HMRC an extra £137 million after 'extensive' audit ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-governance/30263/apple-pays-hmrc-an-extra-137-million-after-extensive-audit</link>
                                                                            <description>
                            <![CDATA[ Apple Europe had received much less income than it was due, resulting in a lower tax bill, says taxman ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">itaiKwUyDQV7vJW7iHwznC</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/voZ23MAPitZP8pJHpy2GZg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 10 Jan 2018 12:32:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/voZ23MAPitZP8pJHpy2GZg-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/voZ23MAPitZP8pJHpy2GZg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Apple has paid the UK government another 137 million in added tax following an HMRC audit that found it had substantially underpaid one of its subsidiaries.</p><p>The "extensive audit" covers corporate tax for a number of years up to September 2015, during which time Apple Europe, which provides sales support, marketing and other services to fellow Apple subsidiaries, wasn't paid fair value for its services, according to the taxman.</p><p>As a result, Apple Europe paid an additional 136.9 million in tax, on top of 57.4 million for the 18 months leading up to April 2017, according to a strategic report filed with Companies House.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/30092/ireland-to-start-collecting-apples-13-billion-tax-bill" data-original-url="/strategy/30092/ireland-to-start-collecting-apples-13-billion-tax-bill">Ireland to start collecting Apple's €13 billion tax bill</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/30177/iphone-battery-problems" data-original-url="/mobile/30177/iphone-battery-problems">Apple battery slowdown lawsuits to be heard in one court case</a></p></div></div><p>An HMRC spokesperson said: "We do not comment on the tax affairs of individual companies. Multinational companies must pay all taxes due and we don't settle for less.</p><p>"Last year alone, HMRC secured and protected over 8 billion in additional tax revenue from the largest and most complex businesses."</p><p>The audit was first revealed by <em>The Financial Times</em>, which reported that it was down to Apple Europe's increased activities. Apple Europe's Companies House filing shows that as of April 2017 it employed 791 staff, up from 605 in 2015.</p><p><em>IT Pro</em> has asked Apple whether it has changed how much it pays its Apple Europe subsidiary following the audit, but the subsidiary's Companies House filing shows that in September 2015, it paid just 1.3 million in tax on profits of just 14.7 million. In contrast, pre-tax profits for the 18 months up to April last year stood at 297 million.</p><p>Apple has already fallen foul of the EU over back taxes, when the European Commission <a href="https://www.itpro.com/strategy/30092/ireland-to-start-collecting-apples-13-billion-tax-bill" target="_blank" data-original-url="https://www.itpro.com/strategy/30092/ireland-to-start-collecting-apples-13-billion-tax-bill">ordered Ireland to collect 13 billion in unpaid back taxes from the tech giant</a> in the summer of 2016. Both Apple and the Irish government are separately appealing the decision, but Apple has deposited the funds in an escrow account awaiting the outcome of the appeals.</p><p>Now, both the US Senate and authorities in France <a href="https://www.itpro.com/mobile/30177/iphone-battery-problems" target="_blank" data-original-url="https://www.itpro.com/mobile/30177/iphone-battery-problems">are scrutinising Apple's recent admission that it slowed batteries down on older iPhones to help them cope with more modern software</a>. Apple has denied slowing the batteries down to push people to upgrade to newer iPhones.</p><p><em>Picture credit: Mike Deerkoski</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 3 reasons why Nadine Dorries is totally wrong about password sharing ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/30089/3-reasons-why-nadine-dorries-is-totally-wrong-about-password-sharing</link>
                                                                            <description>
                            <![CDATA[ Frustration abounds as MPs expose their backwards security practises ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uiCsMdYaUAaaM2z13NyyhB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/T5otn7g3g38REfj2ZVHKvY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 04 Dec 2017 17:33:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/T5otn7g3g38REfj2ZVHKvY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[facepalm sad social media]]></media:description>                                                            <media:text><![CDATA[facepalm sad social media]]></media:text>
                                <media:title type="plain"><![CDATA[facepalm sad social media]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/T5otn7g3g38REfj2ZVHKvY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Shh - what's that? If you listen very, very carefully, you'll hear it; it's the sound of countless security experts smashing their heads against their keyboards in frustration. The cause, <a href="https://www.itpro.com/security/28380/deeply-misguided-tech-industry-rejects-rudd-s-attack-on-encryption" target="_blank" data-original-url="https://www.itpro.com/security/28380/deeply-misguided-tech-industry-rejects-rudd-s-attack-on-encryption">as so often before</a>, is the government's laughable attitude to data privacy and cyber security.</p><p>Where to begin with this latest shambles? You may recall that First Secretary of State Damian Green was allegedly found to have rude and naughty pictures of the pornographic variety on his government-issued computer, which Green denies.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/29705/what-are-biometrics" data-original-url="/security/29705/what-are-biometrics">What are biometrics?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/28576/dreaming-of-a-world-without-passwords" data-original-url="/security/28576/dreaming-of-a-world-without-passwords">Dreaming of a world without passwords</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29093/what-is-phishing" data-original-url="/security/29093/what-is-phishing">What is phishing?</a></p></div></div><p>Nadine Dorries, Conservative MP for Mid Beds, leapt to Green's defence over the weekend, pointing out that if porn was found on Green's computer, it may not have been him who was downloading and/or viewing it on taxpayer time. After all, she said, her staff use her login to access her official computer all the time. Even interns on exchange programmes!</p><p>Er, sorry... What?</p><p>Yes folks, you read that correctly - Dorries is so free and easy with her access credentials that she even hands them out to visiting exchange students. To make matters worse, several of her fellow MPs admitted they also share their login details with staff, including Nick Boles, Will Quince and Robert Syms.</p><p>Of course, Dorries was quick to downplay the seriousness of her actions, stating that all she has on her computer is a shared email account, with no access to government documents. Boles, similarly, said that only the four people he employs to deal with correspondence from constituents have access to the passwords, which are regularly changed.</p><p>For the avoidance of doubt, let's be crystal clear: this is a dangerous, insecure and irresponsible practice. Under no circumstances should anyone be sharing one login between multiple staff members. There are numerous ways to ensure staff members can access a shared computer, mailbox or file storage system without having one login that simply gets passed around, and the fact that government MPs are apparently not using any of them is extremely alarming.</p><p>Dorries and co claim that sharing their login with staff isn't an issue, but let's take the time to unpick some of the many, many problems with these arguments.</p><p>Firstly, there's the issue of lateral movement. Dorries says that the only thing on the computer is a shared email account. Even if that's true, the computer itself is 'Westminster-based', and is likely to be connected to some kind of internal network. This opens up the possibility for lateral movement, using Dorries' machine as a way to gain access to a more important target within the network.</p><p>Then there's the issue of data protection. The shared mailbox used by the staff of Dorries and Boles presumably contains at least a partial list of constituents' names and email addresses, along with who knows what additional information shared as part of their correspondence. Behaviour like this puts all of that information at risk.</p><p>Last but not least, accountability is the biggest problem with using a shared login - and one that is best illustrated, ironically, by the very issue that prompted Dorries' admission in the first place. She is quite right in stating that if Green's access credentials were shared by his staff, there's no way of proving that it was him that was allegedly looking at porn, but that's a huge problem.</p><p>Let's imagine that, instead of perusing some nudes, the First Secretary of State was instead accused of using his computer to <a href="https://www.itpro.com/antivirus/30085/kaspersky-offers-hackers-100000-for-spotting-bugs" target="_blank" data-original-url="https://www.itpro.com/antivirus/30085/kaspersky-offers-hackers-100000-for-spotting-bugs">leak classified intelligence data to Russian agents</a>. With a single shared login, it's virtually impossible to trace the source of the leak back to the mole. If everyone has their own credentials, it's instantly obvious.</p><p>The concept of not sharing your username and password with anyone is a basic, fundamental tenet of cyber security best practice, and the tools to ensure that you shouldn't need to share your credentials have existed for years. Considering that the Tories are supposed to be the party of business, its own staff seem to be <a href="https://www.itpro.com/public-sector/29288/whatsapp-amber-not-getting-the-message" target="_blank" data-original-url="https://www.itpro.com/public-sector/29288/whatsapp-amber-not-getting-the-message">trailing laughably far behind the curve</a> when it comes to keeping up with industry security standards - which would be funny if it wasn't so alarming.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>