Advanced Search
Content Type: Long Read
Creative Commons Photo Credit: Source
In the midst of continued widespread public outrage at the US government’s brutal ‘zero-tolerance’ policy around immigration – multiple data and analytics companies have quietly avoided answering questions about their role in feeding the US Immigration and Customs Enforcement (ICE) agency’s data backbone. These companies are bidding to work with an agency that has time and time again shown itself to be a brutal and problematic.
Privacy International…
Content Type: Advocacy
This photo originally appeared here.
For years, Privacy International and our partners in Kenya have been promoting the right to privacy in Kenya through research and investigations into government and private sector policies and practices and advocating for the adoption and enforcement of the strongest data protection and privacy safeguards.
The need for Kenya to adopt a comprehensive data protection framework (in addition to strengthening privacy protections in other legislation) has always…
Content Type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content Type: Long Read
Yesterday the UK's Information Commissioner's Office (ICO) - which is responsible for ensuring people's personal data is protected - announced it intends to fine Facebook the maximum amount possible for its role in the Cambridge Analytica scandal.
This decision highlights of how serious and rampant misuse and exploitation of data is. Facebook is responsible and failed to comply with data protection 101: be upfront and honest about what you are doing with people's data.
Importantly, the ICO's…
Content Type: Press release
Privacy International (PI) has today sent an open letter to the President of Thomson Reuters Corporation asking whether he will commit to ensuring the multinational company’s products or services are not used to enforce cruel, arbitrary, and disproportionate measures, including those currently being implemented by US immigration authorities.
Documentation shows that Thomson Reuters Corporation is selling access to highly sensitive and personal data to the US Immigration and Customs Enforcement…
Content Type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content Type: Long Read
We found the image here.
Open a Russian Matryoshka doll and you will find a smaller doll inside. Ask a large data company such as Acxiom and Oracle where they get their data from, and the answer will be from smaller data companies.
Data companies – a catch all term for data brokers, advertisers, marketers, web trackers, and more – facilitate a hidden data ecosystem that collects, generates and supplies data to wide variety of beneficiaries. The beneficiaries of the ecosystem can include other…
Content Type: Press release
On the day that GDPR comes into force, PI has launched a campaign investigating a range of data companies that make up a largely hidden data ecosystem. This hidden data ecosystem is comprised of thousands of non-consumer facing data companies - such as Acxiom, Criteo, Quantcast - that amass and exploit large amounts of personal data. Using the rights and obligations provided for within the new data privacy law, PI's campaign involves investigating a selection of these companies whose business…
Content Type: Long Read
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content Type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content Type: Press release
Tomaso Falchetta, PI's Head of Advocacy and Policy team said:
"The adoption of the Data Protection Act represents an important reform which strengthens the rights of individuals and increases obligations for the industry. The Act opens the way for the application of the EU General Data Protection Regulation in the UK, and regulates the processing of personal data by companies, public authorities, law enforcement, and intelligence agencies. PI particularly welcome increased powers for the…
Content Type: Advocacy
Today Privacy International, with TACD, published a document detailing 10 things that US companies need to know about the forthcoming General Data Protection Regulation (GDPR).
People’s data should be treated with the highest privacy protections no matter where they are based. Privacy is a fundamental human right and data protection is intrinsically linked to it. While GDPR is not perfect, it does provide enforceable rights and obligations. If US companies want to demonstrate true commitment…
Content Type: Long Read
We found the image here.
When we browse the internet, go to work, drive down the street, go shopping, interact with institutions, or simply move through the city, data is collected about us.
Advanced profiling technologies answer questions we did not raise. They generate knowledge we did not anticipate, but are eager to apply. As knowledge is power, profiling changes the power relationships between the profilers and the profiled.
In a world where everything we do becomes more and more…
Content Type: Report
In contrast to automated decision-making, profiling is a relatively novel concept in European data protection law. It is now explicitly defined in Article 4(4) of the EU General Data Protection Regulation (GDPR), and refers to the automated processing of data (personal and not) to derive, infer, predict or evaluate information about an individual (or group), in particular to analyse or predict an individual’s identity, their attributes, interests or behaviour.
Through profiling, highly…
Content Type: Advocacy
At the core of data protection debates, there is a power play between empowering individuals to control their data and empowering those who use (or want to) use their data. By regulating data processing, it provides avenues for individuals to exercise their rights if there is any unlawful interference in this power play.
It is crucial for any regulatory framework to be centred around the protection of human rights, autonomy and dignity, and therefore essential to ensure that…
Content Type: Advocacy
Privacy International's briefing on the UK's Data Protection Bill for the second reading in the House of Commons.
Content Type: Long Read
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
At the core of data protection debates, there is a power play between empowering individuals to control their data and empowering those who use (or want to) use their data.
By…
Content Type: News & Analysis
It has been almost 40 years since the Council of Europe’s Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was signed. The Convention was the first binding treaty dealing with privacy and data protection that recognised the necessity to “reconcile the fundamental values of the respect for privacy and the free flow of information between peoples” and is the reason why we celebrate Data Protection Day annually on 28 January.
It has since been…
Content Type: Long Read
The era where we were in control of the data on our own computers has been replaced with devices containing sensors we cannot control, storing data we cannot access, in operating systems we cannot monitor, in environments where our rights are rendered meaningless. Soon the default will shift from us interacting directly with our devices to interacting with devices we have no control over and no knowledge that we are generating data. Below we outline 10 ways in which this exploitation and…
Content Type: News & Analysis
This post was written by Chair Emeritus of PI’s Board of Trustees, Anna Fielder.
The UK Data Protection Bill is currently making its way through the genteel debates of the House of Lords. We at Privacy International welcome its stated intent to provide a holistic regime for the protection of personal information and to set the “gold standard on data protection”. To make that promise a reality, one of the commitments in this government’s ‘statement of intent’ was to enhance…
Content Type: News & Analysis
Privacy International’s Data Exploitation Programme Lead was invited to give evidence to the Select Committee on Artificial Intelligence at the U.K. House of Lords. The session sought to establish how personal data should be owned, managed, valued, and used for the benefit of society.
Link to the announcement of the session: https://www.parliament.uk/business/committees/committees-a-z/lords-select/ai-committee/news-parliament-2017/data-evidence-session/
Full video recording of the session:…
Content Type: Press release
While welcoming the objective of the Bill, Privacy International has sent a briefing to the House of Lords and a letter to Minister of State for Digital, Matt Hancock MP, outlining key concerns and recommendations. The Bill's stated aim is “to create a clear and coherent data protection regime”, and to update the UK data protection law, including by bringing the EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) - into the UK domestic system.…
Content Type: News & Analysis
The major overhaul of data protection laws in Europe is finally over, after three years of arduous and sustained political and lobbying activity by all those with a major stake and interest, including us at Privacy International (See our initial analysis of the two laws in 2012). We welcome this long overdue closure, but is this 91-articled, 200-paged piece of legislation been worth the enormous effort and no doubt millions of euros, dollars and pounds spent on it?
The legislative package…
Content Type: News & Analysis
The argument that human rights are a Western concept and that privacy is not a concern for the developing world was rejected last week in a two-day civil society seminar held in Dakar, Senegal.
More than 30 members of West African civil society participated in the seminar on privacy and data protection, organised by Jonction with the support of the Senegalese Commission for Data Protection. Participants denounced the shortcomings of governments and the private sector in…
Content Type: News & Analysis
A full analysis of the UK Information Commissioner's "Anonymisation code of practice: managing data protection risk" will take time and working knowledge of how the code is used in practice.
At the launch, the ICO signalled that while they believed the code was now up to scratch, they were open to additions and clarifications given that it is the first document of its kind in the world. We applaud them for this; the code is likely to be copied internationally, so it is particularly…
Content Type: News & Analysis
Tuesday’s letter to Google CEO Larry Page, personally signed by 29 European data protection authorities, ordered the corporation (inter alia) to give users greater control over their personal information. The notions of trust and control are emphasised throughout the letter, and Google is urged to "…develop new tools to give users more control over their personal data" and "collect explicit consent for the combination of data for certain purposes". It is good news that the…