Advanced Search
Content Type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content Type: Long Read
Yesterday the UK's Information Commissioner's Office (ICO) - which is responsible for ensuring people's personal data is protected - announced it intends to fine Facebook the maximum amount possible for its role in the Cambridge Analytica scandal.
This decision highlights of how serious and rampant misuse and exploitation of data is. Facebook is responsible and failed to comply with data protection 101: be upfront and honest about what you are doing with people's data.
Importantly, the ICO's…
Content Type: News & Analysis
As the international cyber security debate searches for new direction, little attention is paid to what is going on in Africa. Stepping over the remains of the UN Group of Governmental Experts, and passing by the boardrooms of Microsoft struggling to deliver their Digital Geneva Convention, African nations are following their own individual paths.
Unfortunately, these paths increasingly prioritise intrusive state surveillance and criminalisation of legitimate expression online as…
Content Type: Examples
In May 2017, the European Commission fined Facebook $122 million for providing incorrect or misleading information during its 2014 acquisition of WhatsApp. At the time of the acquisition, Facebook assured the EC that it would not be able to link its accounts database to that of WhatsApp. After the merger, Facebook went on to implement that linkage, and the EC found that Facebook staff knew even in 2014 that it was technically possible to do so. The EC could have imposed a larger fine, but said…
Content Type: Examples
In December 2017, the German cartel office presented preliminary findings in an investigation of Facebook, ruling that the company had abused its dominant position by requiring access to third-party data (including data from subsidiaries WhatsApp and Instagram) when an account is opened and tracking users across the web. Facebook responded that the service is popular in Germany, but not dominant. About 41% of Germans have active Facebook accounts. The investigation's final resolution…
Content Type: Examples
In September 2017, the Spanish national data protection regulator fined Facebook €1.2 million, alleging that the company collected personal information from Spanish users that could then be used for advertising. The investigation, which took place alongside others in Belgium, France, Germany, and the Netherlands, found three cases in which Facebook had collected information such as gender, religious beliefs, personal tastes, and browsing histories of millions of Spanish users without disclosing…
Content Type: Examples
In June 2015, the Belgian data protection regulator, Commission for the Protection of Privacy, launched a complaint that Facebook indiscriminately tracked internet users when they visited Facebook pages or clicked Like or Share, even when they are not Facebook members. In November 2015, the Court of First Instance gave Facebook 48 hours to stop tracking internet users who do not have accounts with the social network or face fines of up to €250,000 per day. The court said Facebook tracked users…
Content Type: Examples
In 2015, Facebook removed a feature that had been in place for some years that allowed developers to access information about Friends who had also signed up for their app. During that time, about 270,000 people downloaded and installed an app that was portrayed as part of an online personality quiz that offered a small payment to users who completed it. That app, This Is Your Digital Life, allowed University of Cambridge researcher Aleksandr Kogan to harvest data on an estimated 50 million…
Content Type: Examples
In January 2013, Facebook upgraded its search tool to enable the site to answer more complex questions. Called Graph Search, the new tool aimed to make it possible for users to find businesses and each other based on location, personal history, personal interests, and mutual friends. The site promised special privacy protections for minors. Privacy advocates pointed out the risks of making shared information discoverable on a large scale. Facebook's response was to suggest that users adjust…
Content Type: Examples
In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one of a series of European regulatory examinations of changes made to Facebook's privacy policy in 2014. CNIL's action followed rulings in 2016, when CNIL gave Facebook three months to stop tracking non…
Content Type: Examples
In 2015, Facebook created the "Free Basics" programme, in which the company partnered with telephone carriers in various countries to offer free access to Facebook - that is, using Facebook would not count against their data plan. While critics argued the plan is anti-competitive, violates the principles of network neutrality and didn't empower users to build their own culturally and contextually appropriate solutions, Facebook claimed that the service would help get India's hundreds of…
Content Type: Examples
In July 2014, a study conducted by Adam D. I. Kramer (Facebook), Jamie E. Guillory, and Jeffrey T. Hancock (both Cornell University) and published by the Proceedings of the National Academy of Sciences alerted Facebook users to the fact that for one week in 2012 689,003 of them had been the subjects of research into "emotional contagion". In the study, the researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more…
Content Type: Examples
In 2012, Facebook CEO Mark Zuckerberg's sister, Randi, tweeted to fellow Twitter user Callie Schweitzer that Schweitzer had violated her privacy by posting a picture taken in her kitchen. Randi Zuckerberg, the former head of Facebook's marketing department, had posted the picture, which was taken in her kitchen and showed four people including her brother, to Facebook intending it to be viewed by Friends only. Schweitzer responded that the picture had popped up in her Facebook News Feed. Randi…
Content Type: Examples
In November 2011, the US Federal Trade Commission charged Facebook with repeatedly breaking the privacy promises it made to users. Among the list of deceptive practices and incidents in the FTC's complaint were December 2009 changes Facebook made to its site that publicly exposed information users might have marked private, such as their Friends lists; Facebook's failure to certify the security of apps participating in its Verified Apps programme, as the company said it would; the company's…
Content Type: Examples
In June 2011, Facebook enabled an automatic facial recognition called "Tag Suggestions" based on its research project DeepFace, requiring users who objected to opt out. The feature scanned the faces in newly uploaded photographs and compared them to those in the billions of images already on the system. When it found what it believed to be a match, it would suggest tags - that is, names.
Privacy advocates noted that besides the issue that all users were opted in by default, the feature meant…
Content Type: Examples
In early 2011, Facebook launched "Sponsored Stories", an advertising product that used content from members' posts inside ads displayed on the service. Drawing on Likes, check-ins, and comments, a Sponsored Story might use a member's photograph and their comments from a coffee shop to create an ad that would then be displayed alongside other ads. Users were provided no ability to opt out. Among the inaugural advertisers was Coca-Cola, and Starbucks featured in a marketing video Facebook made to…
Content Type: Examples
In October 2010, the Wall Street Journal discovered that apps on Facebook were sending identifying information such as the names of users and their Friends to myriad third-party app advertising and internet tracking companies. All of the ten most popular Facebook apps, including Zynga's FarmVille, Texas HoldEm Poker, and FrontierVille, were found to be transmitting personal information about their users' Friends to outside companies. While Facebook and defenders of online tracking argued that…
Content Type: Examples
When journalist Alex Hern needed to set up a Facebook account in order to manage the Guardian's technology page and other work-related things, he locked down its privacy settings so that the account's profile would not appear in searches and only Friends of Friends could add him as a friend. In October 2017, Hern discovered that these settings no longer applied: an update to Facebook's internal search engine gave users the ability to search the entire network. While private posts remained…
Content Type: Examples
In April 2010, Facebook launched a set of tools to enable websites to add a social layer by adding a Facebook frame to their pages. The company's three launch partners, Microsoft's Docs.com, Yelp, and Pandora, had access to a more comprehensive tool, Instant Personalization, which allowed them to look directly at individuals' Facebook profiles and use the public information presented there to provide a personalised experience such as playing music (Pandora) or restaurants (Yelp) that the person…
Content Type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content Type: Examples
In July 2009 after an in-depth study of the site spurred by complaints from the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, Canada's Privacy Commissioner issued a ruling that Facebook was in direct violation of the country's privacy laws. Among the regulator's complaints: the company's privacy policies were often confusing, incomplete, and generally lacked transparency; the company did not make a reasonable effort to inform users how their private…
Content Type: Examples
In February 2008, users discovered that deleting their account from Facebook does not entirely remove it. Instead, the company's servers retained copies of the information in those accounts indefinitely even after those users telephoned the company to request full removal. The company argued that retaining the data benefits users by making it easy for them to resurrect their accounts later, should they choose to do so. Facebook's website did not make this clear; only users who contacted the…
Content Type: Examples
In November 2007, Facebook launched Beacon, an advertising programme that allowed third-party sites to include a script that passed Facebook notifications about users' activities on their sites such as purchases, auction bids, reviews, and game-playing. The service as originally designed offered no opportunity to opt out, and a public outcry ensued; many people did not want their activities broadcast automatically to all their Friends. Users also soon found that Beacon transmitted information…
Content Type: Examples
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and LiveJournal. A Facebook spokesman explained that while photographs were immediately deleted from the company's own servers, the data would take longer to be removed from Akamai, the Content Delivery…
Content Type: Examples
In 2006, Facebook redesigned its system to add News Feed and Mini-Feed features, which the company said were intended to give users information about their social world. The News Feed was designed to provide a constantly updated stream of stories including updates from each user's Friends and Facebook groups, along with news stories tailored to their interests. Mini-Feed collected each user's updates into a new section on their profile page. Almost immediately, public backlash forced company…
Content Type: Examples
Over the years from 2005, when Facebook was still known as "Thefacebook" and its membership was still limited to verifiable Harvard students, to 2010, Facebook changed its privacy policies many times. Over that time, the default circle of who could view users' data widened over time, first to include schools and local areas, then to the entire Facebook network, then to the wider internet, and finally to third-party apps and advertisers. Taken together, the story is one of a service that began…
Content Type: Examples
The first iteration of Facebook, which then-student Mark Zuckerberg launched at Harvard University in 2003, was known as "Facemash", and was based on a popular website of the day, Am I Hot or Not? Using photographs of students scraped from those collected by the university's houses of residence, the site showed users pairs of randomly selected photographs and asked them to choose the "hotter" person in order to compile student attractiveness rankings. Zuckerberg was forced to take the site down…
Content Type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content Type: Course
About: This course will take you through the process for qualitative research on privacy topics, including surveillance technologies, the role of global industry, and data-intensive systems.
Ideal for: People with a background in research, law, or social sciences, working on or with an interest in developing their knowledge of privacy issues. We recommend first taking our introductory course.
Impact: You will learn how to design research and conduct interviews around privacy-related topics,…