Advanced Search
Content Type: Examples
In 2018, experiments showed that despite the company's denials, ads could be targeted at specific Facebook users via information that the users had never given Facebook, such as phone numbers.
The reason: Facebook allows advertisers to upload their own lists of phone numbers of email addresses, and the service will use them to put ads in front of users associated with those details. The company also uses information supplied for security purposes, including phone numbers provided for two-…
Content Type: Examples
In June 2018 Facebook announced it would install new controls to improve members' understanding of how companies targeted them with advertising, including letting them know if a data broker supplied the information. This was the second update to the company's policies in 2018; in March it attempted to ban the use of data brokers but pulled back when advertisers threatened to pull their business.
https://uk.reuters.com/article/us-facebook-privacy-broker/facebook-releases-new-privacy-safeguards-…
Content Type: Examples
In November 2018, HSBC announced a serious data breach in its US business between October 4 and 14, when fraudsters used credential stuffing to gain access to detailed account information relating to about 1% of its 1.4 million US customers. HSBC said that in response it had strengthened its login and authentication processes and implemented additional layers of security. The bank gave affected customers a year's credit monitoring and identity fraud protection, and reminded customers to use…
Content Type: Examples
In July 2018 the three-year-old payment system Revolut notified the UK's National Crime Agency and the Financial Conduct Authority that it had found evidence of money laundering on its system. From its beginnings as a prepaid credit card operator, Revolut had branched out into small business services and cryptocurrencies. Former employees suggest that although the company recently participated in an industry-wide review of money laundering checks and was in compliance with the EU's PSD2, its…
Content Type: Examples
In 2018, the Berlin-based researcher Hang Do Thi Duc concluded after analysing more than 200 million public transactions made in 2017 that anyone can track the purchase history of a user of the peer-to-peer payment app Venmo. By accessing the data via an open API, Do Thi Duc was able to view the names, transaction dates, and messages sent with payment for all users who hadn't changed their settings to private. Venmo's default setting is "public", and does not clearly highlight how to change it…
Content Type: Examples
In 2017, Britain's' two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…
Content Type: Examples
In 2018, based on an analysis of 270,000 purchases between October 2015 and December 2016 on a German ecommerce site that sells furniture on credit, researchers at the National Bureau of Economic Research found that variables such as the type of device could be used to estimate the likelihood that a purchaser would default. The difference in rates of default between users of iOS and Android was about the same as the difference between a median FICO credit score and the 80th percentile of FICO…
Content Type: Examples
The common reporting standard brought in by the UK's HMRC in 2018 require tax authorities to automatically exchange information on millions of citizens living abroad. In response, an EU citizen domiciled in Italy who formerly lived in the UK and maintains a UK bank account, filed a complaint with the UK's data protection regulator arguing that sharing this data exposed her to risk of cyber hacking or accidental leaks and therefore violates GDPR. Developed by the OECD, the common reporting…
Content Type: Examples
In September 2017, the UN Capital Development Fund, the UN Development Programme, and the non-profit San Francisco-based startup Kiva, which has worked for 13 years as a crowd-funded microlending platform announced a joint initiative to open up financial services to the 20% of the Sierra Leone population - 7 million citizens - who have no credit history or proof of formal identity and are therefore unable to start businesses, raise loans, or generally access mainstream financial services. The…
Content Type: Examples
A flaw in the official 2018 UK Conservative Party conference app granted both read and write access to the private data of senior party members, including cabinet ministers, to anyone who logged in by second-guessing the email address they used to sign into the app. Twitter users claimed that one leading politician, Boris Johnson, had his avatar briefly replaced by a pornographic image, while another, Michael Gove, had his replaced by that of media magnate Rupert Murdoch. The app was…
Content Type: News & Analysis
Palantir and the UN’s World Food Programme (WFP) are partnering for a reported $45 million. Palantir, a US-based company that sells data software and has been the centre of numerous scandals.
The World Food Programme provides assistance in food and nutrition to around 92 million people each year. Systems that are produced in agreements such as the one between WFP and Palantir increase risks to the people the they are attempting to help. There are risks to both individuals and whole populations…
Content Type: News & Analysis
Dear will.i.am,
We saw your piece in the Economist and were very excited to learn that you care about privacy as much as we do. At PI we expose government and corporate bad behaviours, we disrupt their plans, and identify a hopeful path forward.
That’s why we very much agree with you that people need much more protection, transparency and control over their personal data. Cheers for: “I want to have it clearly explained in plain language who has access to my camera, to my photos, who’s…
Content Type: Long Read
Over the past year, the Privacy International Network has uncovered, campaigned, and advocated on how trends in surveillance and data exploitation are increasingly affecting our right to privacy.
To celebrate Data Privacy Day on 28 January, we shared a full week of stories and research, exploring how countries are addressing data governance, and the implications for our security and privacy.
Monday - Exposing Harms, Fighting Back
It is often communities who are already the most…
Content Type: Long Read
During the last World Economic Forum in Davos, the CEO of Microsoft joined the chorus of voices calling for new global privacy rules, saying the following in regard to the new European General Data Protection Regulation (GDPR):
“My own point of view is that it's a fantastic start in treating privacy as a human right. I hope that in the United States we do something similar, and that the world converges on a common standard."
We have come a long way. From tech companies fighting and…
Content Type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
Since 2014, the Privacy International Network has produced State of Privacy reports, a collaborative effort to record global privacy and related issues.
As we close Data Privacy Week this year, we’re pleased to share an update of the…
Content Type: Explainer
This is the third part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 2: Discrimination and Identity.
Biometrics
Biometrics are the physiological and behavioural characteristics of individuals. This could be fingerprints, voice, face, retina and iris patterns, hand geometry, gait or DNA profiles. However, the legal definition of ‘biometrics’ may differ – in some contexts, it may be defined by law, whereas in others it may not have, or only have…
Content Type: Explainer
This is the second part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 3: The Risks of ID.
The existing identity landscape
Every country has an existing landscape of ways in which people can identify themselves. This can include an existing ID card system, but also a range from birth registration, to passports, to driver licenses. The effectiveness of these systems may be unevenly distributed, or otherwise problematic.
The nature of the existing ID landscape…
Content Type: Explainer
Introduction
Of all the data-intensive initiatives that a government can introduce, some of the largest are ID systems. They have implications across a broad range of human and civil rights. How do we begin to critique an ID system, to begin to understand its strengths and weaknesses? There are a series of issues that we believe should be addressed in the development of any ID system.
This could be of particular relevance to civil society organisations (CSOs): this is because civil…
Content Type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
Innovations in surveillance and data exploitation present challenges in the fight to protect personal data across the world. Since 1990 we have been working to build a global movement through working with others - from leading civil society…
Content Type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
In the era of smart cities, the gap between the internet and the so-called physical world is closing. Gone are the days, when the internet was limited to your activities behind a desktop screen, when nobody knew you were a dog.
Today, the…
Content Type: Examples
In January 2019, it was discovered that the HIV-positive status of 14,200 people in Singapore, as well as their identification numbers and contact details, had been leaked online. According to a statement of the Ministry of Health, records leaked include 5,400 Singaporeans diagnosed as HIV-positive before January 2013, and 8,800 foreigners diagnosed before December 2011. Patient names, identification numbers, phone numbers, addresses, HIV test results and medical information was included in the…
Content Type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
It is no mystery that data exploitation is part of most consumer-oriented tech companies’ business models. A big part of our lives is recorded and exploited, from our web searches, to our personal communications, location, and our shopping habits…
Content Type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
It is often communities who are already the most marginalised who are at risk because of the privacy invasions of data-intensive systems. Across the globe, we see the dangers of identity systems; the harms of online violence against women and the…
Content Type: News & Analysis
Campaigners are today calling for urgent action to allow Palestinians to develop an independent telecommunications infrastructure following the release of a report detailing how the Israeli government exerts its existing control to rule and monitor the online lives of Palestinian people.
‘Connection Interrupted’, produced by Privacy International partner organisation 7amleh, describes how the Israeli government restricts key telecommunications infrastructure in Palestine,…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Paraguay is the result of an ongoing collaboration by Privacy International and TEDIC in Paraguay.
Key privacy facts
1. Constitutional privacy protection: The constitution does not mention the word privacy but protects private life under the "right to intimacy."
2. Data protection…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Lebanon is the result of an ongoing collaboration between Privacy International and SMEX.
Key privacy facts
1. Constitutional privacy protection: The Lebanon constitution does not explicitly mention the right to privacy.
2. Data protection law: The Electronic Transactions and…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Colombia is the result of an ongoing collaboration by Privacy International and Fundación Karisma and Dejusticia.
Key Privacy Facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Article 15 of the 1991 constitution).
2…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Uganda is the result of an ongoing collaboration by Privacy International and Unwanted Witness.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Art. 27).
2. Data protection law: There is no…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in South Africa is the result of an ongoing collaboration by Privacy International and the Right2Know coalition.
Key Privacy Facts
1. Constitutional privacy protections: Section 14 of the Constitution of the Republic of South Africa protects the right to privacy.
2. Data protection laws…
Content Type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in the Philippines is the result of an ongoing collaboration by Privacy International and Foundation for Media Alternatives.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Art. III, section 3).
2.…