celebrations are continuing in britain following the wedding of the queen's grandson prince harry to the american actress meghan markle. the couple ended the day with a private party for around 200 close friends and relatives. the bride will now be known as the duchess of sussex. the family of the teenage suspect in a texas high school shooting have told police they're shocked and confused at what's happened. dimitrios pagourtzis is alleged to have used a shotgun and a revolver to kill fellow students and teachers in an art class. two people remain critically ill in hospital. more residents have been rescued from their homes in hawaii as molten lava continues to pour from the ground following the eruption of the kilauea volcano. helicopters were sent to assist residents on the big island as a series of explosions sent ash clouds hundreds of metres into the sky. now on bbc news, it's time for click. it's time to pull the plug.

for the past decade, we've had our heads in our phones and our personal data in the cloud, on social networks hosted by websites in other countries as status updates. and it's not gone well, as big businesses have repeatedly abused our trust. in 2013, all 3 billion of yahoo! users‘ data was compromised in a hack. but it was kept secret from the victims for three years. google was fined by the eu

commission for using our data to push its own shopping comparison service. and no—one is impressed with what cambridge analytica did after sucking up facebook users‘ personal data and that of their friends through an app. for many of us, all this data hoovering and harvesting has been done with very little transparency or accountability as to why, how, or what they're going to do with these things. well, this week, click is taking a stand and saying it has all got to stop. no, no, sorry, spen. can we try that again? it's not click, is it? yeah, sorry. this week, the european union is taking a stand and saying it's all got to stop. enough is enough. good people! the time has come to reclaim our online lives! reclaim our personal data!

let us not be fooled into handing it all over because we are cheated or tricked or given no choice. if you are with me, rise up and say "no! "no more!" good! i think they got the message. and in a few days, we will have the tools to fight back, wherever our data springs up. this friday, the biggest shake—up of data protection laws for more than 20 years comes into force. it is the european union's general data protection regulation or gdpr. and it affects anyone who does business with people living in europe. and given the global nature of the internet these days, that pretty much means everyone. now so far, you might have encountered gdpr through all those e—mails you have been receiving asking you to resubscribe to mailing lists, but lots more is changing than that come friday, and lara lewington has the highlights. the gdpr affects the big

internet players in the us but also smaller organisations and aims to protect users because personal data. —— and aims to protect users‘ personal data. at its heart, it requires everyone to design data protection into their offerings with privacy settings set to high by default. phone rings. heard this before? all calls are recorded for training and security purposes. well, that may not be adequate under the gdpr, which states that you must actively give your consent, rather than it be assumed, and that you can withdraw that consent at any time. so, in this case, the company needs to wipe that call recording if you ask them to. eu citizens get the right to access their personal data and also find out who the company has shared it with and how they got it in the first place. if it was acquired in a dodgy way, you can ask the company to delete it, as well is any data that affects your fundamental rights. and the data must be deleted anyway

if it‘s no longer being used, so companies can‘t just hoard information on us for the sake of it. if it all goes wrong and the company fails to keep our data safe, then they must report the breach and tell us within 72 hours. no more keeping it hushed up. and if an organisation doesn‘t follow the rules, it can be fined up to 20 million euros, or as much as 4% of its annual worldwide turnover. for facebook, that would be a whopping 100 times that 20 million euro figure. there are two more rights that gdpr introduces. ever been frustrated when this happens? computer says no. well, from now on, you‘ll have the right to an explanation if an algorithm is left to make a decision about you. and you should be able to easily take the personal data stored about you to give it to another company, should you wish to change service or social network.

but how workable these last two points will be in practice remains to be seen. so that‘s how the new data rules are supposed to work. now we will go into more detail with dan simmons. dan, so far i think that most of the concern has been around social networks and the apps that sit on top of social networks hoovering up all our data ? yeah. but you‘ve been looking at something else which we use every day that might be even more guilty of hogging our data. yeah. do you know what sort of data your browser holds about you ? oh, i dread to think. ah, my search history, my address, i would have thought. your credit card details. is that mine? maybe your ccv number, perhaps. oi! the amount of personal information in a browser, i think, is kind of unparalleled as far as any other kind of information that's kind of stored on your computer. as far as how personal it is to you and how it reflects, kind of, on what you were thinking and what you were doing. ryan benson has built a tool that

can see everything your browser knows about you and you might be surprised. in many cases, he says, it‘s not very well protected, something the gdpr wouldn‘t look too kindly on. so what‘s out there about us and what can others see? i visited the top thousand most popular websites globally and saw what information they stored about you, kind of, in your browser. and one of these popular things that lots of websites store is geolocation information. if you‘re going more the cyber—stalking or cyber bullying route, now you know where somebody lives, maybe you know kind of where, maybe the coffee shop they frequent, if they pop up there quite often. so having some knowledge of where someone is physically can kind of open them up to whole different kind of attacks. ryan‘s new toy can be delivered in a simple phishing attack. 0ne misplaced click and he‘ll know which words you‘ve been searching on. a sort of brain dump of what you‘ve been doing or thinking. and with al, he reckons this could be enough to help swing a purchase or a vote. then right here, there‘s a thing for a login. so basically, the user saved their

login and saved their password. that is not your password, is it? that‘s not anymore. ah, but at one point... really? yep. so the browser has your password? i‘ve got your facebook account. exactly. remember, under the gdpr, anyone storing information must take steps to keep it safe. he didn‘t hack facebook, though — he hacked the browser. so kind of in a similar vein, we have the autofill entries here. so these are basically things that a user types in web forms and the browser, you know, helpfully tried to remember these for you. when you leave the browser, doesn‘t it get rid of that so that it‘s not available for a hacker to get hold of? no, generally the browser keeps this information stored so the next time you open up your browser again, it can helpfully suggest the things you have already typed. just come and have a look at what we‘ve already got on the screen here. we‘ve got an e—mail address, 0k, fair enough, but we‘ve also got what looks to me, possibly a home address? so here, so there‘s one form called security question, mother‘s maiden, and you

have an answer here. and all this data can be pulled from any browser? yeah, yeah, basically. ok, i‘m going to go one further. what about bank accounts? have we got details of people‘s bank accounts? yeah, if you type the information in the form, the website can capture it for you. and that‘s not protected in any way? ah, no, most websites, they do an extra level of protection around your credit card number, if they can figure out it‘s a credit card number, but even that protection is very trivial, kind of, to defeat. can you glean something like somebody‘s ccv number, so the number on the back of the credit card? yeah, yeah. you can definitely, ah, browsers try and identify credit cards and store them separately, but nothing‘s perfect. i‘ve definitely found ccv numbers stored along with — just in the same way that you can store your first name. so is ryan doing this to showjust how easy it is to hack your data out of your browser, or is he doing it so show what your browser knows about you ?

well, both. he thinks most people don‘t know about this huge wealth of very personal data that the browser has. and these new regulations coming in next friday will help people find that out. and just to be clear, a lot of browsers already have a security setting you can turn on that will block a lot of this tracking and autoform filling domain. they do. there are options in there that you can go into settings and change. while i was in san francisco, i decided to drop in on one of the big browser companies out there to get browsers are fundamentally an agent for you and me. and when a browser doesn't help you make decisions, we don't think it is doing enough work. the not—for—profit mozilla runs the browser firefox. the status quo on the internet right now, with how technology companies are interacting with people, isn‘t healthy. it needs to change. so if it‘s through legislation that looks like gdpr and it benefits individuals, individuals control the way their information is interacted with,

that is going to be better for the internet overall. one way to give us more control is firefox‘s recently introduced add—on facebook container to stop the social network tracking us. when you use facebook, it keeps all of the data that‘s being interacted with — your data, the cookie information, inside of facebook. so when you leave the tab that you are interacting with facebook in, you won‘t get those creepy ads that follow you around all over the internet. but will these moves be enough under the new gdpr? tweaking privacy options gives us more choice but will all browsers need to go further? these options that are offered notjust by mozilla but by other companies as well are often difficult to find, aren‘t they? how many people do actually use the don‘t track me? it is a good percentage and it has been increasing quite a bit. is it majority or minority? it is a minority but it has grown. i‘m taking from that not many people

actually switch these privacy features on? that‘s right. they don‘t. i asked for clarification by what they meant on a minority of users who actually do. and they said a low percentage. oh dear, that‘s not good then. right, so i‘m assuming that under gdpr, the right way to go is to make sure these features are turned on by default. yeah. by the regulation says high privacy by default. so you would expect that that would be where we‘re going with this. but they also use cookies that live outside the browser to personalise the browsing experience, so can‘t we carry on using those? so you remember the browsing hack that i did with ryan, when he showed us what the browser was storing about us? the interesting thing there was that most of that information is unencrypted. and it seems that websites are preferring to leave the information inside the browser, rather than take responsibility for locking it up in a separate cookie and having to store it themselves. i‘ve been speaking to a security expert who has headed up security in big banks like credit suisse, like deutsche, like most recently barclays bank, and he‘s got a theory about why that might be happening. the suspicion has to be that this is actually linked to the gdpr

rules, that organisations realise that if they hold the data in their own databases they then need to put an entire management slew around it to control that data. but if they send it to the browser and request the browser to send it back every time the user connects, it's no longer theirs to manage. 0k, what do people do if they are not happy about the way they think their data is being handled? if people do want to complain, they need to do it to their national data protection authority, in the uk it is the ico. now, steve‘s not a big fan of the ico. he doesn‘t reckon they‘ll be ready come the big day when the new regulation comes into force on friday. the general public's very unhappy with the way their data is being used at the moment. i think there is a likelihood that lots of people are just waiting for gdpr to come in and then they'll want to take some action. i think my concern is that the ico isn't really ready for this at the moment.

strong words there from steve gailey. so let‘s put those to nigel houlden from the information commissioner‘s 0ffice. do you have enough resources to actually enforce gdpr? we certainly do. we‘re ready, we‘ve been preparing for this for a couple of years now. we know what we want to achieve and we want to get the message out to the public that we‘re better protect their rights and get and get the message out to organisations that they need to abide by the laws, which aren‘t meant to punish them, by any means. they‘re actually there to help them strengthen their credibility with the public. we deal with an awful lot of cases, full stop. our staff has increased by about 70 or 80 people in the last six to 12 months. we‘re getting ready to recruit another 170 people over a similar sort of period. we know there‘s going to be more complaints. what kind of approach are you going to take to enforcing and punishing? the ico‘s always been pragmatic. and the commission is always very much of the opinion that encouragement and education is

the better way to go. we would much rather use the carrot than the stick. as for this talk of big fines, it‘s nonsense. that‘s not what the ico is about. that‘s not the way we want to work. those types of sanctions will be for the most wilful, deliberate, and continuous companies that flout the laws and regulations. do you think this is just going to breed a new era of skirting the rules, gaming the system? they won‘t get away with it. you asked me about recruitment. one of the things i‘m looking at shortly doing is recruiting a two—year comment into artificial intelligence to look at, deliberately, at algorithms, particularly opaque ones, and how we can investigate and build frameworks around that to order them properly, so we are well aware of what is coming and we are prepared for it. hello and welcome to the week in tech. it was the week that facebook

confirmed that boss mark zuckerberg would meet members of the european parliament to discuss privacy concerns and the fallout from the cambridge analytica scandal. microsoft showed off their adaptive controller — an xbox console controller designed specifically for disabled gamers. the device, which features two large buttons and 19 ports to accommodate extra devices, is due to go on sale later this year. and the vatican provided social media advice to nuns, asking them to engage in online news and social media with discretion and sobriety. it was also the week that boston dynamics showed off its atlas robot going for a jog. the company also announced that its spotmini will be going on sale to the public in 2019. handy for those who don‘t want to look after an actual dog. and finally, if your main problem with the idea of a new han solo film is that it lacks a certain scruffy—looking nerf—herding harrison ford, then nick acosta has you sorted. the photographer and film—maker has digitally swapped alden ehrenreich‘s

face with that of the slightly more iconic ford. interesting, if a little scary. next time, nick, two words — nicolas cage. the new european data laws will affect everyone from this friday. and simply getting prepared for them has taken over the lives of many people in all walks of life. it was last summer we first started to hear about them and hadn‘t got a clue how important they would be, why they would matter, if they would matter. there‘s just been a sort of growing sense of "oh, gosh," you know, "this is quite a big thing and it applies to us and we‘re going to have to do quite a lot of work around it." it is important in the sense that we hold a lot of sensitive data about children and families. but that‘s a responsibility we have always had and we have always taken very seriously.

we don‘t feel that we have an accurate picture of exactly the minimum standard we need to be meeting. we‘ve got to decide that. i very much feel the responsibility of getting it all right and i don‘t know that i will ever know for sure if we have done enough. and i read one article that estimated it was a three day a week job, this data protection, officer a role, in a large school. that‘s just impossible to find, you know. that is not feasible. so we have to think about how we can realistically manage that workload without it impacting them. well, that is a lot of work for people who, quite frankly, already have a dayjob. yeah, exactly. i mean, most firms will need to have, or appoint, a protection officer. right. and this is where it gets interesting. i‘ve been speaking to a number of security firms who reckon there could be a new form of cyber

attack based on the confusion that businesses have around how to be compliant with gdpr, especially given those 20 million euro fines. take a look at this. although gdpr itself will help companies defend themselves, it also brings out a new possible way of attacking them by basically forcing them to pay a ransom fee. so for example if i broke into a company, stole the information from them, i've got a couple of choices then — i could try and sell online for money, or i could go back to that company and say "look, unless you give me £100,0001'm gonna publish this information on the internet and force you to pay a fine for your gdpr non—regulation." that‘s an awful thought! yeah. yeah, it is, isn‘t it? i mean, there are a lot of good players but also a lot of bad players out there, looking at this new regulation and seeing how it‘s gonna hit. a lot depends on how the regional and the national data protection authorities choose to interpret these new rules. that will be key. good point. thank you, dan. you go that way, i‘m going this way because, as dan said, gdpr is not all upside. this is robert colvile.

robert, hi. hi. robert is the director of a free—market think tank. and you think there are problems with gdpr as well, don‘t you? i mean, it is supposed to pull these large american firms into line. what‘s wrong with that? well, the irony is that about the only people who can cope with it perfectly well are the large american firms, partly because they can afford very large legal departments and partly because it actually, in some ways, deepens in the moat around them. the people who are really struggling with this are small and medium—sized businesses. earlier in the program, we looked at how artificial intelligences are now also combing through the tons and tons of data that they are. i mean, surely we need something like gdpr so we get to find out what‘s going on inside that black box, how that algorithm has made that very important decision about us. data has a value. the fact that i want to have a chinese meal at the moment and i‘m searching for that isn‘t terribly interesting. the fact that i tend to like chinese restaurants is slightly more interesting. the fact that people of my age and my type who live in this sort of area tend to like chinese food and then in 20 years‘ time

are going to die of a heart attack because they like chinese food, that‘s really valuable. and that you can only get by smashing together really quite a lot of data in a way that the gdpr makes harder to do. 0k, robert, thank you very much for your time. that‘s the view of a sceptic but now, we are going to look at how gdpr could work in the future. lara lewington has been checking out some new transparent innovative solutions. think about data as the ingredients of the cake. in isolation, neither useful nor too valuable. but combine them just right and you‘ve baked something worth biting into. the trouble is most of us don‘t want to hand over all of our data on a plate. so maybe it is time that we take ownership. digi.me hopes to help us dojust that, collating the data from the apps and services we use. we can see it clearly within the app on our device, and an encrypted copy is stored in the cloud of our choosing. so think of it like this — the services that we use the most are going to have the largest slices of our data, so that could be google or facebook.

and then, the information collected from, say, our activity trackers would provide smaller pieces. digi.me believes if we are in control of our data, we may be willing to share more slices. so the companies accessing it would get a more accurate picture of us. and at the same time, we get to approve exactly what we are sharing and with who. so everything we do in the future requires more data. you are the only person in the world that can bring all of that data together about you, the only place it can come together. so if we want to do more with our data, which we do, we want to have personalised medicine, personalised recommendations, then we need to bring the data together and businesses need to be able to ask us. but it is not only private companies that we share so much with.

mara has volunteered to install sensors in her office, hoping to reduce noise in her neighbourhood. the council collected data from a number of months before agreeing that a piazza would decrease traffic, thus noise pollution, in her area. sharing data can be very powerful. for example, if we all shared our health data, we could find cures to many diseases, or new treatments. now, the problem is whether that data can be exploited by others for means that you didn‘t foresee. now, i want to share it on own terms. the barcelona council has partnered with decode, a body that aims for a more transparent way of sharing data. through its platform, the residents clearly see the data the city has on them and crucially, who has access to that data so they can set permissions as they see fit. we want to move to a world where the data is decentralised, citizens have proper sovereignty and ownership and they can collectively share the data, create data commons, with fair terms and condition to access the data. this is what we call

social rights to data. and if we are in control of our data, then why not try to make some money out of it ourselves? data on any habit has its value, even your water intake. datum is a service that lets you share that directly with a research company for a bit of dosh in return. the worth of all of our smart device information could really add up. so all these fledging ideas may allow for both the personalised services and the control over our privacy that we desire. that was lara and that is gdpr all wrapped up. now i guess we alljust have to wait and see how it all pans out from friday onwards. don‘t forget, if you get in touch with us on facebook and on twitter too. we live at @bbcclick.

thanks for watching and we‘ll see you soon. good morning. with the world‘s eyes fixed on the uk on saturday, the weather certainly came up trumps. you and i know it is not always like this. but through this coming week, there will be more warmth and sunshine to enjoy but a few exceptions. those exceptions will be mainly today across parts of scotland and northern ireland. the weather front edging in, bringing breezy and cloudy conditions and occasional rain. there will be mist and low cloud in east anglia and the south—east. here, the coolest of the weather. three or four degrees in the countryside to start the day. the mist and low cloud in the south—east will break up and burn back to the coast

through the day but we will stick with the cloud across western scotland and northern ireland, particularly with outbreaks of rain. sunshine a bit hazy across northern and western areas. for the south, blue skies away from the coast. there could be some patches of mist and sea fog through the english channel. inland, light winds, could be a degree warmer than it was on saturday. as i said, sunshine a bit hazier further north and breezy. still pleasant in eastern scotland, only the small threat of a shower, 21 the high in the murray firth. northern ireland and western scotland, including the northern isles, always that bit cloudier, occasional rain but there will be dry weather, too. these areas into sunday night will turn wetter and the rain becomes heavier and more persistent but we will see skies clear through eastern scotland and down through much of england and wales with the risk of some mist and sea fog around the coast. temperatures by night not dropping as much as they have done recently. one good news for the gardeners. the bad news is high pressure will still dominate through the start of the week so not much in the way of wet weather. plenty of watering of plants to be done. the wettest weather on monday

confined to scotland and northern ireland. heavy, persistent rain to start the day but with that high pressure building from the east, it will nudge off westwards. so many of you, including eastern parts of northern ireland and much of scotland by the end of monday, dry, sunny and warm again. an outside chance across southern counties of england of a small thunderstorm or heavy shower. same too on tuesday. most will be dry. a bit more cloud on tuesday through scotland and northern ireland but not much in the way of rain. the only thing is, it may take us into slightly cooler air in the far north of scotland, whereas further south, we stick with temperatures in the high—teens and low to mid—20s. indeed through the coming week with high pressure generally