Advanced Search
Content Type: Long Read
Monday, February 24, 2020
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content Type: News & Analysis
Tuesday, October 27, 2020
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.
Read our Q&A on the report here.…
Content Type: Long Read
Friday, September 14, 2018
Yesterday, the European Court of Human Rights issued its judgement in Big Brother Watch & Others V. the UK. Below, we answer some of the main questions relating to the case.
What's the ruling all about?
In a nutshell, one of the world's most important courts, the European Court of Human Rights, yesterday found that certain UK laws about how intelligence agencies can spy on our internet communications breach our human rights. These surveillance laws have meant that the UK intelligence…
Content Type: Long Read
Q&A: EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy
Tuesday, October 6, 2020
Content Type: Advocacy
Tuesday, August 14, 2018
We welcome the effort by the Pakistani Ministry of Information Technology and Telecommunications to regulate the processing of personal data in Pakistan, and take measures to guarantee the right to privacy as guaranteed under Article 14(1) of the Constitution: “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable.”
This legislative development is crucial and timely as Pakistan continues to embrace innovative governance initiatives and deploy data-intensive systems…
Content Type: News & Analysis
Tuesday, March 3, 2020
This piece was originally published by Unwanted Witness here.
Today marks exactly one year since Uganda passed its data protection law, becoming the first East African country to recognize privacy as a fundamental human right, as enshrined in Art 27 of the 1995 Uganda Constitution as well as in regional and International laws.
The Data Protection and Privacy Act, 2019 aims to protect individuals and their personal data by regulating processing of personal information by state and non-state…
Content Type: Long Read
Monday, February 24, 2020
Background
Kenya’s National Integrated Identity Management Scheme (NIIMS) is a biometric database of the Kenyan population, that will eventually be used to give every person in the country a unique “Huduma Namba” for accessing services. This system has the aim of being the “single point of truth”, a biometric population register of every citizen and resident in the country, that then links to multiple databases across government and, potentially, the private sector.
NIIMS was introduced as…
Content Type: Case Study
Thursday, June 25, 2020
The Ugandan government has a running contract with the Chinese tech giant, Huawei, to supply and install CCTV cameras along major highways within the capital, Kampala, and other cities.
While details of the contract remain concealed from the public, the Uganda Police Force (UPF) released a statement, simply confirming its existing business partnership for telecommunication and surveillance hardware, and software between the security force and Huawei. However, it is not clear whether the…
Content Type: News & Analysis
Friday, March 13, 2020
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and launching an…
Content Type: Long Read
Tuesday, October 22, 2019
The pressing need to fix our cybersecurity (mis)understandings
Despite all the efforts made so far by different, cybersecurity remains a disputed concept. Some states are still approving cybersecurity laws as an excuse to increase their surveillance powers. Despite cybersecurity and cybercrime being different concepts, the confusion between them and the broad application of criminal statutes is still leading to the criminalise legitimate behaviour.
All of this represents a sizable challenge…
Content Type: Long Read
Wednesday, May 15, 2019
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by statute “oust”…
Content Type: News & Analysis
Monday, September 16, 2019
Today, the High Court of South Africa in Pretoria in a historic decision declared that bulk interception by the South African National Communications Centre is unlawful and invalid.
The judgment is a powerful rejection of years of secret and unchecked surveillance by South African authorities against millions of people - irrespective of whether they reside in South Africa.
The case was brought by two applicants, the amaBhungane Centre for Investigative Journalism and journalist Stephen…
Content Type: Press release
Thursday, May 2, 2019
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Long Read
Wednesday, May 13, 2020
This article has been written by our partner organisation InternetLab. Read this article in Portuguese here.
Over the last months, the organisation InternetLab has researched privacy, data protection, gender, and social protection, focusing on the beneficiaries of the Bolsa Familia Program (PBF). The PBF is the most extensive Brazilian cash transfer program, and its functioning is linked to CadÚnico, a database that comprises 40% of the country’s population. Moreover, it is a program whose…
Content Type: Long Read
Monday, October 17, 2016
On 17 October 2016, the Investigatory Powers Tribunal handed down judgment in a case brought by Privacy International against the Foreign Secretary, the Home Secretary and the three Security and Intelligence Agencies (MI5, MI6 and GCHQ).
The case concerned the Agencies’ acquisition and use of bulk personal datasets (‘BPD’) – datasets that contain personal data about individuals, the majority of whom are unlikely to be of intelligence interest, such as passport databases and finance-related…
Content Type: News & Analysis
Monday, August 19, 2019
The Watson/Tele2 decision of the CJEU concerned section 1 and 2 of DRIPA and the Data Retention Regulations 2014. This contained the legislative scheme concerning the power of the Secretary of State to require communications service providers to retain communications data. Part 3 of the Counter-Terrorism and Security Act 2015 amended DRIPA so that an additional category of data - that necessary to resolve Internet Protocol addresses - could be included in a requirement to retain data.
The…
Content Type: News & Analysis
Wednesday, January 15, 2020
Today Advocate General (AG) Campos Sánchez-Bordona of the Court of Justice of the European Union (CJEU), issued his opinions (C-623/17, C-511/18 and C-512/18 and C-520/18) on how he believes the Court should rule on vital questions relating to the conditions under which security and intelligence agencies in the UK, France and Belgium could have access to communications data retained by telecommunications providers.
The AG addressed two major questions:
(1) When states seek to impose…
Content Type: Advocacy
Tuesday, November 19, 2019
As any data protection lawyer and privacy activist will attest, there’s nothing like a well-designed and enforced data protection law to keep the totalitarian tendencies of modern Big Brother in check.
While the EU’s data protection rules aren’t perfect, they at least provide some limits over how far EU bodies, governments and corporations can go when they decide to spy on people.
This is something the bloc’s border control agency, Frontex, learned recently after coming up with a plan to…