Advanced Search
Content Type: Examples
In 2018, the digital marketing company Tell All Digital began marketing technology to personal injury law firms to enable them to send mobile ads to patients they know are waiting for treatment in an emergency room and for up to a month afterwards. The technology relies on geofencing, a technique for targeting people in a specific location using a phone ID derived from wi-fi, cell data, or GPS apps. Under the US Health Information Portability and Accountability Act, this type of targeting is…
Content Type: Examples
By 2018, gene studies involving more than 200,000 test takers had found correlations between 500 human genes and academic success. Based on these results, the behavioural geneticist Robert Plomin claimed that parents would be able to use consumer tests to enable "precision education", built around accurate predictions of their children's mental abilities. Even though DNA variations linked to test scores explained less than 10% of the difference in intelligence among the Europe-descended…
Content Type: Examples
Canada began experiments introducing automated decision-making algorithms into its immigration systems to support evaluation of some of the country's immigrant and visitor applications in 2014. In a 2018 study, Citizen Lab and NewsDeeply found that AI's use was expanding despite concerns about bias, discrimination, and privacy breaches, along with other human rights issues such as due process and procedural fairness. Residents lacking citizenship often have less access to human rights…
Content Type: Examples
By August 2018, the UK government's "hostile environment" policy, as set out in the 2014 and 2016 Immigration Acts and other measures, was extending the national border into the heart of services such as banking, education, health, and housing where landlords and staff have been forced to implement immigration checks. Students are a particular focus; it is harder to apply to UK universities and work after graduation, and international students must comply with stricter rules on attendance and…
Content Type: Examples
In September 2018, the US Department of Homeland Security proposed to add credit scores and histories to the list of information immigrants are required to submit when applying for legal resident status. The stated purpose of the proposed rule is to bar those who might become a "public charge" from acquiring legal residency, extending their stay, or changing their status. While credit reports do reveal information about an individual's debt, payment, and work history, they were never designed…
Content Type: Examples
In May 2018, US Immigration and Customs Enforcement abandoned the development of machine learning software intended to mine Facebook, Twitter, and the open Internet to identify terrorists. The software, announced in the summer of 2017, had been a key element of president Donald Trump's "extreme vetting" programme and expected to flag at least 10,000 people a year for investigation. ICE decided instead to opt for a contractor who could provide training, management, and human personnel to do the…
Content Type: Long Read
As our four year battle against the UK government’s extraordinarily broad and intrusive hacking powers goes to the Supreme Court, we are launching a new fundraising appeal in partnership with CrowdJustice.
We are seeking to raise £5k towards our costs and need your help. If we lose, the court may order us to pay for the government’s very expensive army of lawyers. Any donation you make, large or small, will help us both pursue this important case and protect the future ability of…
Content Type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
Form data:
format: json
sdk: android…
Content Type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.Test user action 1: The user taps on the application icon, which opens the applicationResponse from app: The application is initialised and the following data is sent and received by the app:Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)format: json
sdk: android
event…
Content Type: Report
In December 2018, the National Coalition of Human Rights Defenders-Kenya published a report analysing the needs and concerns of human rights defenders (HRD) in relation to privacy, data protection and communications surveillance.
A summary of their findings is below. Access the full report on their website.
Content Type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following GET request was made:
GET https://graph.facebook.com/v3.1/97534753161…
Content Type: Examples
Following the 9/11 attacks in 2001, the New York City Police Department installed thousands of CCTV cameras and by 2008 in partnership with Microsoft had built the Lower Manhattan Security Coordination Center to consolidate its video surveillance operations into a single command centre that also incorporated other sensors such as licence plate readers and radiation detectors. In 2010 as part of its Domain Awareness System, the NYPD began integrating cutting-edge video analytics software into…
Content Type: Examples
In 2011, the US Department of Homeland Security funded research into a virtual border agent kiosk called AVATAR, for Automated Virtual Agent for Truth Assessments in Real-Time, and tested it at the US-Mexico border on low-risk travellers who volunteered to participate. In the following years, the system was also tested by Canada's Border Services Agency in 2016 and the EU border agency Frontex in 2014. The research team behind the system, which included the University of Arizona, claimed the…
Content Type: Examples
In 2018, at least five British local authorities began developing systems intended to use predictive analytics to identify families needing attention from child services on the basis that algorithmic profiling could help them target their scarce resources more efficiently. Data about at least 377,000 people were incorporated into predictive systems managed by a variety of private companies: Xantura (used by Hackney and Thurrock) or by systems they developed internally (Newham and Bristol). IBM…
Content Type: Examples
In 2018, the EU announced iBorderCtrl, a six-month pilot led by the Hungarian National Police to install an automated lie detection test at four border crossing points in Hungary, Latvia, and Greece. The system uses an animated AI border agent that records travellers' faces while asking questions such as "What's in your suitcase?". The AI then analyses the video, scoring each response for 38 microexpressions. Travellers who pass will be issued QR codes to let them through; those who don't will…
Content Type: Advocacy
In response to the consultation on ‘Gender perspectives on Privacy’ by the UN Special Rapporteur on the right to privacy, Privacy International presented a submission with its observations.
Content Type: News & Analysis
We found this here.
The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is being tested across Europe. The first GDPR privacy case in Romania began with an investigation that was published on November 5 about a corruption scandal involving a politician and his close relationships to a company being investigated for fraud. The Romanian data protection authority (ANSPDCP) sent a series of questions to the journalists who authored the article and asked for…
Content Type: Advocacy
Privacy International, European Digital Rights, and the Association for Technology and Internet (ApTI) together with 15 other digital rights organisations sent a letter on Monday 21 November 2018, to the European Data Protection Board (EDPB), with copies to the Romanian Data Protection Authority (ANSPDCP), and the European Commission, asking for the General Data Protection Regulation (GDPR) not to be misused in order to threaten media freedom in Romania.
Shortly after a journalistic…
Content Type: News & Analysis
Data sharing among states is gaining prominence, particularly in light of the need to coordinate counter-terrorism activities across borders. The President of the European Commission put it in stark terms just a couple of months ago: “Terrorists know no borders. We cannot allow ourselves to become unwitting accomplices because of our inability to cooperate.” And several UN Security Council resolutions have emphasized the need for international cooperation in counter-terrorism.
Privacy…
Content Type: Examples
Police in the German state of Hesse are using a bespoke version of Palantir's Gotham software system, specially adapted for the police force. Palantir CEO Alex Karp sits on the board of the German mega publisher Axel Springer.
Publication: WorldCrunch, Jannis Brühl
Date: 20 November 2018
Content Type: Video
We filed complaints against seven companies, including the ones mentioned in this video, for wide-scale and systematic infringements of data protection law. Demand these companies delete your data!
Content Type: Video
We filed complaints against seven companies, including the ones mentioned in this video, for wide-scale and systematic infringements of data protection law. Demand these companies delete your data!
Content Type: News & Analysis
We've put together this short FAQ about some of the legal details of our campaign to ask companies to delete our data.
1.What is the right to erasure?
The right to erasure (or deletion) is just one of a number of data rights that may be found in data protection law, including the European Union's new law, the General Data Protection Regulation, better known as "GDPR".
You have the right to ask that your data be deleted and, in most cases, the data controller (which in your letter is the data…
Content Type: News & Analysis
Email addresses
Acxiom: [email protected]
Criteo: [email protected]
Equifax: [email protected]
Experian: [email protected]
Oracle: https://oracle.ethicspointvp.com/custom/oracle/dp/en/form_data.asp
Quantcast: [email protected] cc: [email protected]
Tapad: [email protected]
Letter for Acxiom and Oracle
subject line: Right to Erasure Request
I am concerned your company exploits my data.
In accordance with my right[s] under the General Data…
Content Type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content Type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content Type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content Type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…