Source: The Telegraph published on this site Tuesday 3rd July 2018 by jill Powell
James Titcomb writes:
Investigations into online child abuse risk being "significantly hampered" by the recent EU data crackdown, the National Crime Agency has warned.
The agency said online criminals would be able to hide their identity because new data protection laws affect a vital database of website owners used to fight cyber crime.
The “Whois” registry contains names and contact details for millions of website owners but police forces have seen access to the service throttled in recent weeks, making it harder to track down the owners of illegal websites.
Some data providers are now blocking access to the service across the European Union because the EU's GDPR legislation bans the sharing of personal data without individuals’ consent.
At a glance | Your data rights under GDPR
The General Data Protection Regulation (GDPR) is a tough regulation regime for companies that gather personal data, introduced by the EU in April 2016. Enforcement begins 25 May 2018.
The GDPR legislates eight data rights for individuals:
- Right to be informed – You must be clearly informed when your data is collected and the purpose for which it is intended.
- Right of access – You must be allowed to view the data companies have gathered on you.
- Right to rectification – You have the right to correct erroneous information about yourself in a company’s data records.
- Right of erasure – Also known as the “right to be forgotten”. You have the right to request the deletion of personal data held on you, although this right is not absolute.
- Right to restrict processing – You can request the suppression of your personal data file, or restrict its processing.
- Right to data portability – You have the right to take the data a company has collected on you and share it elsewhere, eg. to get a better customer deal.
- Right to object – You have the right to object and prevent your data being used for particular purposes, eg. for direct marketing. This right is superseded by legal claims.
- Rights related to automatic decision-making – You may only be profiled with your explicit consent, where this is necessary to enter into a contract or where such processing is authorised by the state.
Post-Brexit the UK is likely to introduce its own equivalent data protection law. In any case, companies which gather data on EU citizens will have to abide by the GDPR.
More than a month since the new law, Icann, the Los Angeles-based organisation that governs the system, has failed to reach an agreement with EU data regulators that would allow cyber crime units special access to the data.
The NCA, which last week attended a summit in Panama to push the organisation to solve the issue, has now warned that the standoff threatens cyber crime investigations.
“Access to all current Whois data is vital for National Crime Agency and wider law enforcement investigations,” a spokesman said.
“Without access to it, our ability to protect the UK from serious organised crime via investigations into data breaches, malware and DDoS [denial of service cyber] attacks, as well as into child sexual exploitation and abuse, will be significantly hampered.
Government bodies are meant to enjoy a special status that gives them access to the database but this has so far not been agreed.
The NCA said: “We have been, and continue to, work with government, national and international law enforcement agencies, Icann and global registries [which provide the data] to agree on a solution that will allow us to access information we require, whilst adhering to the new regulations that are now in place.”
Several companies that offer access to the database have restricted the information across Europe in recent weeks, and some internet companies have allowed individuals to register new website names without having to provide their personal data.
John Carr, an internet security and safety expert, said some crime agencies had stopped requesting data since GDPR came into force on May 25.
Last week, a government panel that advises Icann urged the organisation to address the issue “as a matter of urgency”.
