Heather Burns
Gigging UK tech policy wonk + author, Understanding Privacy + 2022 Internet Society Mid-Career Fellow. Personal tweets. IANAL.
Jun 15, 2024 5 tweets 2 min read
There's been a seismic development over the past day where Ofcom - which, as an independent regulator, didn't seem to get the memo about purdah - has quietly sent a large swathe of the age verification industry homeward tae think again. 1/4 On the Today programme, Melanie Dawes confirmed what the entire digital rights field has been saying for years: the magic technological solutions that corporate lobbyists built the OSA around, quite simply, aren't fit for purpose.
(clip from behind a paywall, with thanks) Online platforms looking to enforce age thresholds for access by children have been warned by the UK online safety regulator that facial age estimation tools aren't accurate enough to use for young teens. The Online Safety Act, currently being implemented, will require that services aimed at adults, such as pornography sites, will have to use age assurance technologies to keep under-18s out. For mixed sites, which could include social media, it won't set any minimum ages but will hold platforms to enforcing the age they state in their terms, typically 13 years old. Speaking on the BBC in re...
Jun 5, 2024 4 tweets 2 min read
I say this as half a joke, half not: at some point you’ll be better off using a 15 year old laptop with 15 year old software, not connected to the internet, not updated, and not snitching on you to 1200 adtech partners via legitimate interest while scanning your content with AI. Me, I miss the good old days, when all you had to do to get the software you needed for your job was select a code off a sheet of paper, in front of a van, at The Barras, give the code to a guy with an earpiece, and wait ten minutes for the guy in the van to burn your CD-ROMs.
Nov 21, 2022 4 tweets 2 min read
My July post is exploding again, as people suss the fact that if a single precious British child can access your Mastodon server, full compliance with the UK's Online Safety Bill will hit you. I've only been warning about the OSB x OSS for four years. webdevlaw.uk/2022/07/11/you… Also see this quick follow-up post about why small projects are in scope, and the attitudes your little server will be up against. webdevlaw.uk/2022/07/13/her…
Nov 19, 2022 4 tweets 2 min read
Gutted and angry to see that good people were taken advantage of by a dodgy conference. But relieved to see it all coming out immediately. Other communities take note. Seriously, this *hurts*, and I'm only reading it in my kitchen.
Dec 14, 2021 16 tweets 3 min read
Report is out. First impression is that it is rather pleased with itself. Humility in public service isn't a thing these days.

First takes follow, from the freedom of speech / proportionality / govt overreach perspectives I've focused on for 2 1/2 years now... 1) Recommends that e2e should be identified as a specific risk factor in risk assessments - does not go hardline against it, as many have recommended, but it's not out of the woods yet;
Jul 11, 2021 4 tweets 2 min read
Great comments from @AlecMuffett here. ID companies are lobbying UK gov to introduce phrenology as an identifier for internet access. Yes, that means using the webcam to measure your head to determine that you are a precious British child. #SunlitUplands theguardian.com/politics/2021/… Incidentally, one of the companies promoted in this article is participating in the ICO's regulatory sandbox, e.g. developing along the very edge of privacy law.
But as you know, UK gov is preparing to deregulate pesky privacy law in favour of "innovation".
Follow that thought.
May 12, 2021 10 tweets 3 min read
🧵You're going to read a lot today about the government's plans for the Online Safety Bill on #onlineharms, a regulatory process which has eaten up much of the past two years of my professional work. I suppose if I had a hot take to offer after two years, it's this: 1) If you see the bill being presented as being about "social media" "tech giants" "big tech" etc, that's bullshit. It impacts *all services of all sizes, based in the UK or not. Even yours.* Bonus: take a drink every time a journo or MP says the law is about reining in Facebook.
Apr 29, 2021 4 tweets 2 min read
It's taken less than three weeks for India to go from this to taking down posts critical of the government in a national emergency. Think that couldn't happen here too? We, and other groups, have been very clear on how the UK's plans would hand a gift to authoritarian regimes. One MP's response to that, last week, in a Parliament committee: to hell with other countries. "Chi Onwurah: I would. I want to touch briefly on a rea
Apr 7, 2021 9 tweets 3 min read
I know we talk a lot lately about the UK's assault on e2e encryption, and it may seem a bit over the top, but it's important to understand what's on the table, and what policymakers are being told. Here's a thread about e2e in the #onlineharms context. It centres on a report released last month by the Centre for Social Justice, and endorsed by the former Home Secretary, Sajid Javid. Folks in power read these reports and follow their recommendations. Have a look at page 52. centreforsocialjustice.org.uk/wp-content/upl…
Jul 16, 2020 12 tweets 4 min read
For years, the US has defiantly refused to reform its surveillance powers, or implement a Federal-level privacy law which respects privacy as a human right and safeguards the data of non-Americans. The CJEU has just ruled that enough is enough. Today's ruling could have had implications for the Brexit transition, had SCCs been invalidated. That part remains. The ruling is, however, a warning shot to the UK's process of securing an adequacy decision. We are a Five Eyes ally with domestic surveillance issues of our own.
Dec 26, 2019 4 tweets 1 min read
Um, yes, that's exactly how trade deals work. For the 1,000th time: the UK cannot have a data adequacy agreement until it is a third country outside the EU, not before; and because of surveillance & human rights issues there's no way in hell we'll get one.
thetimes.co.uk/edition/news/b… Watch out for a lot of this: journalism painting the lack of an adequacy agreement as EU intransigence, when it's entirely the UK demanding the entitlement to remain a member of a club it's leaving without the club's rules applying to it.
Apr 24, 2018 17 tweets 3 min read
Watching @UKHouseofLords Comms committee hearing on internet regulation - tweetings may follow.
parliament.uk/business/commi… There is no means of independently auditing social media companies' self-regulation - co-regulation may be the way forward. Focus tends to be quantitative (how many offensive posts taken down) rather than qualitative (how many takedown requests were accurate.)
Jan 27, 2018 9 tweets 3 min read
This is a thread for those of you who say coders and developers should take no role in politics. Those of you who watched my #WCLDN talk last year already heard this story. You can hear it again.

This was Rene Carmille, and that is a punch card. Rene Carmille was the comptroller general of the French army. He eventually headed up the French census. Census data - innocuous, straightforward facts about people - was tabulated on IBM punch cards. Then the Nazis came.