Advanced Search
Content Type: Long Read
We won our case against the UK’s Security Service (MI5) and the Secretary of State for the Home Department (SSHD). The Investigatory Powers Tribunal (IPT) – the judicial body responsible for monitoring UK’s intelligence and security agencies – held that MI5 acted unlawfully by knowingly holding people’s personal data in systems that were in breach of core legal requirements. MI5 unlawfully retained huge amounts of personal data between 2014 and 2019. During that period, and as a result of these…
Content Type: Press release
In a landmark judgment, handed down today (Monday 30 January 2023), the Investigatory Powers Tribunal have found that there were “very serious failings” at the highest levels of MI5 to comply with privacy safeguards from as early as 2014, and that successive Home Secretaries did not to enquire into or resolve these long-standing rule-breaking despite obvious red flags.
Human rights organisations Liberty and Privacy International, who brought this significant legal case in January 2020, have…
Content Type: Long Read
Case: Privacy International v Secretary of State for Foreign and Commonwealth Affairs and others
Last update: December 2022
Summary
The UK Security and Intelligence Agencies (SIAs) – including Government Communications Headquarters (GCHQ), Security Service and Secret Intelligence Service – have been building massive comprehensive datasets of information on each and every individual. They have been collecting and combining information from multiple sources on unclear legal bases and with minimal…
Content Type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content Type: Long Read
The Grand Chamber of the European Court of Human Rights ruled that the UK government’s historical mass interception program violates the rights to privacy and freedom of expression. The Court held that the program “did not contain sufficient “end-to-end” safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse.” As a result the Court ruled that UK law "did not meet the “quality of law” requirement and was therefore incapable of keeping the “…
Content Type: Long Read
Summary
This case began in the UK in 2013, following Edward Snowden’s revelations that UK’s GCHQ was secretly intercepting, processing, and storing data concerning millions of people’s private communications, even when those people were of clearly of no intelligence interest (the ‘Tempora’ programme). It was also revealed that the UK government was accessing communications and data collected by the USA’s National Security Agency and other countries’ intelligence agencies. All of this was…
Content Type: Long Read
On 25 May 2021, the European Court of Human Rights issued its judgment in Big Brother Watch & Others v. the UK. Below, we answer some of the main questions relating to the case.
After our initial reaction, below we answer some of the main questions relating to the case.
NOTE: This post reflects our initial reaction to the judgment and may be updated.
What’s the ruling all about?
In a nutshell, one of the world’s most important courts, the Grand Chamber of the European Court of Human…
Content Type: Press release
The Grand Chamber of the European Court of Human Rights has today ruled that UK mass surveillance laws violate the rights to privacy and freedom of expression.
It found that:
The UK’s historical bulk interception regime violated the right to privacy protected by Article 8 of the European Convention on Human Rights and freedom of expression, protected by Article 10. Particularly it found that:
the absence of independent authorisation,
the failure to include the categories of selectors…
Content Type: Video
This case was made possible because of Edward Snowden’s disclosures in 2013, and through the combined work of Big Brother Watch, American Civil Liberties Union, Amnesty International, Bytes for All, Canadian Civil Liberties Association, Egyptian Initiative for Personal Rights, Hungarian Civil Liberties Union, Irish Council for Civil Liberties, Legal Resources Centre and Liberty.
Content Type: Video
<br />
It’s been a long road, starting at the UK’s Investigatory Powers Tribunal in 2013, but this case would have happened without Ed’s revelations, which revealed the extent of those surveillance programmes. Which is why (around a year ago now) we sat down with him to talk about this case, mass surveillance and what we can do to fight back.
Find out more about the case here: https://privacyinternational.org/legal-action/10-human-rights-organisations-v-united-kingdom
And…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: News & Analysis
In mid-2019, MI5 admitted, during a case brought by Liberty, that personal data was being held in “ungoverned spaces”. Much about these ‘ungoverned spaces’, and how they would effectively be “governed” in the future, remained unclear. At the moment, they are understood to be a ‘technical environment’ where personal data of unknown numbers of individuals was being ‘handled’. The use of ‘technical environment’ suggests something more than simply a compilation of a few datasets or databases.
The…
Content Type: News & Analysis
The Watson/Tele2 decision of the CJEU concerned section 1 and 2 of DRIPA and the Data Retention Regulations 2014. This contained the legislative scheme concerning the power of the Secretary of State to require communications service providers to retain communications data. Part 3 of the Counter-Terrorism and Security Act 2015 amended DRIPA so that an additional category of data - that necessary to resolve Internet Protocol addresses - could be included in a requirement to retain…
Content Type: Advocacy
RESPONSE OF PRIVACY INTERNATIONAL TO THE CONSULTATION ON THE GOVERNMENT’S PROPOSED RESPONSE TO THE RULING OF THE COURT OF JUSTICE OF THE EUROPEAN UNION ON 21 DECEMBER 2016 REGARDING THE RETENTION OF COMMUNICATIONS DATA
[Full response below]
Introduction
The consultation is in response to the judgment in Tele2 Sverige AB v Post-och telestyrelsen (Case-203/15) and R (Watson) v Secretary of State for the Home Department (Case C-698/15) [“Watson judgment”].
The case concerned…
Content Type: Explainer
In 2000, the Government told Parliament that the Regulation of Investigatory Powers Act 2000 (RIPA) was the total extent of surveillance powers that were needed. However, within weeks of RIPA receiving Royal Assent, a report from UK law enforcement was leaked, stating that the power the Government truly wanted was companies to retain communications data on all their users.
Immediately after 9/11 as governments around the world over-reached with new pieces of…
Content Type: Long Read
Six years after NSA contractor Edward Snowden leaked documents providing details about how states' mass surveillance programmes function, two states – the UK and South Africa – publicly admit using bulk interception capabilities.
Both governments have been conducting bulk interception of internet traffic by tapping undersea fibre optic cables landing in the UK and South Africa respectively in secret for years.
Both admissions came during and as a result of legal proceedings brought by…
Content Type: Advocacy
Privacy International provided comments to the UK Financial Conduct Authority on the Terms of Reference to its Credit Information Market Study.
We highlighted that:
Credit data (whether ‘traditional’ credit data; data from Open Banking sources, or other sources of data like social media) are hugely revealing of people’s lives far beyond the state of their financial affairs.
The affects upon consumer behaviour of this use of data in the credit sector extends beyond the choices they…
Content Type: Advocacy
Dear Chair and Committee colleagues,
Privacy International is an international NGO, based in London, which works with partners around the world to challenge state and corporate surveillance and data exploitation. As part of our work, we have a dedicated programme “Defending Democracy and Dissent” where we advocate for limits on data exploitation throughout the electoral cycle.
We have been closely following the important work of the Committee. Prompted by the additional evidence provided…
Content Type: News & Analysis
Today, Privacy International, along with nine other NGOs including Liberty and Amnesty International, attended a hearing before the Grand Chamber of the European Court of Human Rights (ECtHR) to revisit the Court's first ruling on our case challenging UK mass surveillance and intelligence sharing. In September 2018, the First Section of the ECtHR ruled that the UK government's mass interception program violates the rights to privacy and freedom of expression. Notwithstanding the positve aspects…
Content Type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…