Advanced Search
Content Type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content Type: Long Read
It’s 15:10 pm on April 18, 2018. I’m in the Privacy International office, reading a news story on the use of facial recognition in Thailand. On April 20, at 21:10, I clicked on a CNN Money Exclusive on my phone. At 11:45 on May 11, 2018, I read a story on USA Today about Facebook knowing when teen users are feeling insecure.
How do I know all of this? Because I asked an advertising company called Quantcast for all of the data they have about me.
Most people will have never heard of…
Content Type: Long Read
The UK's domestic-facing intelligence agency, MI5, today admitted that it captured and read Privacy International's private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public's data. In further startling legal disclosures, all three of the UK's primary intelligence agencies - GCHQ, MI5, and MI6 - also admitted that they unlawfully gathered data about Privacy International or its staff. You can read the…
Content Type: Press release
We found this image here
The Investigatory Powers Tribunal (IPT) today held that, for a sustained period, successive Foreign Secretaries wrongly gave GCHQ unfettered discretion to collect vast quantities of personal customer information from telecommunications companies.
The judgment exposes:
· the error-ridden and inconsistent evidence provided by GCHQ throughout the case;
· the willingness of telecommunications companies to secretly hand over customer data on the basis of mere verbal…
Content Type: Press release
Hearing: Cross examination of senior GCHQ official about Intelligence Agencies’ use of massive databases of information about everyone in the UK
When: Monday 26 February 2018, 3.15pm
Where: Royal Courts of Justice, Court 28, Strand, London WC2A 2LL
Summary
This is the first time GCHQ have given open evidence in the Investigatory Powers Tribunal (The Tribunal). It is also the first time they will be cross examined by Privacy International on serious misleading errors they provided in…
Content Type: Press release
The Case
Privacy International v Secretary of State for Foreign and Commonwealth Affairs et al. (Bulk Personal Datasets & Bulk Communications Data challenge)
Date: 5-9 June 2017
Time: from 10:00 onwards
Location: Royal Courts of Justice, The Strand, London WC2A 2LL United Kingdom
Hearing overview
Next week’s hearing follows the Investigatory Powers Tribunal’s earlier judgment in October 2016, which ruled that three issues are to be determined:
…
Content Type: Long Read
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to…
Content Type: Press release
Key points
Bulk Communications Data (BCD) collection, commenced in March 1998, unlawful until November 2015
Bulk Personal Datasets regime (BPD), commenced c.2006, unlawful until March 2015
Everyone’s communications data collected unlawfully, in secret and without adequate safeguards until November 2015
We maintain that even post 2015, bulk surveillance powers are not lawful
As the Investigatory Powers Bill is set to become law within weeks, we argue that the authorisation and…
Content Type: Long Read
On 17 October 2016, the Investigatory Powers Tribunal handed down judgment in a case brought by Privacy International against the Foreign Secretary, the Home Secretary and the three Security and Intelligence Agencies (MI5, MI6 and GCHQ).
The case concerned the Agencies’ acquisition and use of bulk personal datasets (‘BPD’) – datasets that contain personal data about individuals, the majority of whom are unlikely to be of intelligence interest, such as passport databases and finance-related…
Content Type: Press release
Today Sir Stanley Burnton, the Interception of Communications Commissioner, published a highly critical review of the use of Section 94 of the Telecommunications Act 1984 for gathering vast amounts of our communications data in bulk. This obscure clause pre-dates the internet era, but has been used for nearly two decades for mass surveillance. Today is the first time that these powers have been criticised by an independent statutory body. IOCCO is critical of the Government's use of these…
Content Type: Long Read
1984: A broad law, a broad power and a whole lot of secrecy
In the wake of litigation brought by Privacy International (‘PI’) and as the Government prepared to introduce the Draft Investigatory Powers Bill (‘IP Bill’) in November 2015, there was a cascade of ‘avowals’- admissions that the intelligence agencies carry out some highly intrusive surveillance operations under powers contained in outdated and confusing legislation.
It is disappointing that it has been almost six months since…
Content Type: News & Analysis
The Investigatory Powers Bill introduced on Tuesday 1 March contains the same range of ‘bulk powers’ envisaged in the earlier draft: bulk interception warrants; bulk acquisition warrants; bulk equipment interference warrants; and bulk personal dataset warrants.
These powers, if adopted as currently envisaged in the Bill, would codify a practice of mass, untargeted surveillance by the UK intelligence services.
In the last couple of years, some of the mass surveillance powers used by…