Advanced Search
Content Type: News & Analysis
We have been fighting for transparency and stronger regulation of the use of IMSI catchers by law enforcement in the UK since 2016. The UK police forces have been very secretive about the use of IMSI catchers – maintaining a strict “neither confirm nor deny” (NCND) policy. In our efforts to seek greater clarity we wrote to the UK body which monitors the use of covert investigatory powers, the Investigatory Powers Commissioner’s Office (IPCO), asking the Commissioner to revisit this…
Content Type: Long Read
Case: Privacy International v Secretary of State for Foreign and Commonwealth Affairs and others
Last update: December 2022
Summary
The UK Security and Intelligence Agencies (SIAs) – including Government Communications Headquarters (GCHQ), Security Service and Secret Intelligence Service – have been building massive comprehensive datasets of information on each and every individual. They have been collecting and combining information from multiple sources on unclear legal bases and with minimal…
Content Type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: News & Analysis
In September 2019, PI published the report Your Mental Health for Sale. Our investigation looked into popular mental health websites and their data sharing practices.
Our findings suggest that, at the time of the research, most websites we looked at were using third party tracking for advertising purposes, sometimes relying on programmatic advertising technologies such as Real Time Bidding (RTB), sharing personal data with potentially thousands of actors. Some websites were also found sharing…
Content Type: Report
The majority of people today carry a mobile phone with them wherever they go, which they use to stay connected to the world. Yet an intrusive tool, known as an International Mobile Subscriber Identity catcher, or “IMSI catcher” is a form of surveillance equipment that enables governments and state authorities to conduct indiscriminate surveillance of mobile devices, and by extension, on users.
IMSI catchers can do much more than monitor and intercept mobile communications. Designed to imitate…
Content Type: News & Analysis
IMSI catchers (or stingrays as they are known in the US) are one of the surveillance technologies that has come to the forefront again in the protests against police brutality and systemic racism that have been sparked by the murder of George Floyd on 25 May 2020.
An International Mobile Subscriber Identity catcher – in short an “IMSI catcher” – is an intrusive piece of technology that can be used to locate and track all mobile phones that are switched on in a certain area. It does so by…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Press release
The Case
Privacy International v Secretary of State for Foreign and Commonwealth Affairs et al. (Bulk Personal Datasets & Bulk Communications Data challenge)
Date: 5-9 June 2017
Time: from 10:00 onwards
Location: Royal Courts of Justice, The Strand, London WC2A 2LL United Kingdom
Hearing overview
Next week’s hearing follows the Investigatory Powers Tribunal’s earlier judgment in October 2016, which ruled that three issues are to be determined:
…
Content Type: Press release
Key points
Bulk Communications Data (BCD) collection, commenced in March 1998, unlawful until November 2015
Bulk Personal Datasets regime (BPD), commenced c.2006, unlawful until March 2015
Everyone’s communications data collected unlawfully, in secret and without adequate safeguards until November 2015
We maintain that even post 2015, bulk surveillance powers are not lawful
As the Investigatory Powers Bill is set to become law within weeks, we argue that the authorisation and…
Content Type: Long Read
On 17 October 2016, the Investigatory Powers Tribunal handed down judgment in a case brought by Privacy International against the Foreign Secretary, the Home Secretary and the three Security and Intelligence Agencies (MI5, MI6 and GCHQ).
The case concerned the Agencies’ acquisition and use of bulk personal datasets (‘BPD’) – datasets that contain personal data about individuals, the majority of whom are unlikely to be of intelligence interest, such as passport databases and finance-related…