A brief history of our legal successes

At Privacy International, we challenge companies and governments who infringe on our privacy and facilitate, as well, violations of other human rights.

Our most recent challenge is against Clearview AI, a company that trawls the internet to save photos of our faces to form part of their biometric database to sell. We have filed complaints alongside 3 other organisations with regulators in the UK, France, Italy, Austria and Greece. Our goal is a clear message that there is no place in society for these exploitative systems. Learn more by visiting our campaign page.

We actively use legal instruments to demand change. Read on below to learn more about how we have been able to take on powerful institutions that use our data in violation of our rights and win.

Our legal work can take years to produce a result, often at a great financial expense. We challenge companies and governments with bigger budgets, larger teams and more resources. The odds are stacked against us, but we continue to fight.

If you’re able to, please consider supporting our work in challenging abusive practises around the world. Donate Here

Grand Chamber of the European Court of Human Rights rules UK mass surveillance laws violate privacy and freedom of expression

One of the world’s most important courts, the Grand Chamber of the European Court of Human Rights, found that certain UK laws about how intelligence agencies can spy on our internet communications breach our rights to privacy and freedom of expression.

These surveillance laws have meant that the UK intelligence agencies can sweep up huge amounts of our internet communications (what is referred to in the law as ‘bulk interception’) in secret and without any oversight. This can include social media posts, emails sent and received, internet searches, websites you visit, and apps that you use.

Creepy!

The 25 May 2021 ruling is an important win for privacy and freedom for everyone, not only in the UK but across Europe and the world. The judgement offers some pieces of the puzzle for stronger protections in the future and will contribute to ensuring stronger safeguards.

This was no small effort. This legal challenge took the combined resources of 16 non governmental organisations (NGOs) and activists over an eight year stretch. In fact, it took so long that at least seven children were born among the lawyers involved in the case.

We expect the 27 EU member states to review their surveillance laws and practices in light of this judgment and bring them to line with the Court’s jurisprudence. It’s a step in the right direction, but we continue to fight against indiscriminate mass surveillance.

Read More

TWO FOR ONE: A 5 year victory at the High Court against the government’s use of ‘general warrants’ and a historic win in the Supreme Court.

This victory was a two part win for Privacy International.

Firstly, in 2016, the Investigatory Powers Tribunal (IPT) - the UK tribunal tasked with examining complaints against the UK intelligence services - stated that the UK government could lawfully use sweeping ‘general warrants’ to engage in computer hacking of thousands or even millions of devices, without any approval by a judge or individualised reasonable grounds for suspicion.

Privacy International challenged these mass hacking practices in the IPT. During the proceedings, the government asserted that it could rely on ‘general warrants’ to conduct hacking. The UK Government even argued that it would be lawful in principle to use a single warrant to hack every mobile phone in a UK city.

We didn’t stop fighting, however. In January 2021, the UK High Court held that the security and intelligence services cannot rely on these general warrants to authorise wide-ranging property interference and certain forms of computer hacking. In the digital age, where a general warrant could easily enable spying on hundreds, thousands or even millions of people, this is a major victory for privacy.

Secondly, this win only happened because we challenged the IPT procedures in the Supreme Court. In May 2016, Privacy International challenged the IPT’s decision in the UK High Court, but the Government’s response was to argue that Tribunal decisions were not subject to judicial review (a challenge to the lawfulness of a decision by a public body). We decided this wasn’t right, and we took this to the UK Supreme Court. They ruled that IPT decisions are subject to judicial review in the High Court. Because of PI, IPT judgments are now able to be challenged - an extra step to ensure justice.

Read more about general warrants
Read more about our historic Supreme Court victory

Privacy International filed complaints with multiple data protection regulators to investigate potential data protection infringements by data brokers, ad-tech companies and credit referencing agencies.

Privacy International filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. We urged the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.

Our complaints targeted companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged.

Following PI’s investigation and campaign:

• The Irish Data Protection Commission has launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. Read more

• The French Data Protection Authority CNIL has informed us that they are following the same route and launching an investigation into one of these companies, Criteo! Read more

• After our 2018 complaint, the UK regulator took enforcement action against one of the largest global companies, Experian. As a result, Experian have to make fundamental changes to how it handles people’s personal data within its direct marketing services. Read more

We have repeatedly said that, when the General Data Protection Regulation (GDPR) came into effect, the real test for GDPR would be in its enforcement. The ICO report and enforcement notice sends a strong message to this opaque and complex industry that has long operated without respecting data protection standards and our privacy.

Hopefully, this report will offer guidance to the further regulation of this industry and hidden exploitation practices across the EU and beyond.

Read more

While our legal work has resulted in some redressing of the imbalance of power between privacy abusers and the general public, it also takes a very long time to get results. Can you chip in to support our work in fighting back? Donate here!