Advanced Search
Content Type: Advocacy
This stakeholder report is a submission by Privacy International (PI) and the Jordan Open Source Association (JOSA).
Privacy International and the Jordan Open Source Association wish to bring concerns about the protection and promotion of the right to privacy for consideration in Jordan’s upcoming review at the 31st session of the Working Group on the Universal Periodic Review.
Content Type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content Type: Long Read
We found the image here.
Open a Russian Matryoshka doll and you will find a smaller doll inside. Ask a large data company such as Acxiom and Oracle where they get their data from, and the answer will be from smaller data companies.
Data companies – a catch all term for data brokers, advertisers, marketers, web trackers, and more – facilitate a hidden data ecosystem that collects, generates and supplies data to wide variety of beneficiaries. The beneficiaries of the ecosystem can include other…
Content Type: Press release
On the day that GDPR comes into force, PI has launched a campaign investigating a range of data companies that make up a largely hidden data ecosystem. This hidden data ecosystem is comprised of thousands of non-consumer facing data companies - such as Acxiom, Criteo, Quantcast - that amass and exploit large amounts of personal data. Using the rights and obligations provided for within the new data privacy law, PI's campaign involves investigating a selection of these companies whose business…
Content Type: Long Read
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content Type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content Type: Press release
Tomaso Falchetta, PI's Head of Advocacy and Policy team said:
"The adoption of the Data Protection Act represents an important reform which strengthens the rights of individuals and increases obligations for the industry. The Act opens the way for the application of the EU General Data Protection Regulation in the UK, and regulates the processing of personal data by companies, public authorities, law enforcement, and intelligence agencies. PI particularly welcome increased powers for the…
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: News & Analysis
We found the above image here.
Background
Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).
What happened
In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.
The TL;DR version of this post is:
PGP is not broken by this attack
You absolutely should not stop…
Content Type: Press release
Today, as the Data Protection Bill reaches its final stages, Privacy International has written to the leaders of the main UK political parties asking for public commitment to not use the exemption provided in the Bill to target voters - both online and offline - in all local and national forthcoming elections or by-elections.
Privacy International has long been concerned about the exploitation of peoples’ data and the opaque data ecosystem, and the impact of such practices on the democratic…
Content Type: News & Analysis
En el 2011 se liquidó el DAS. Las violaciones, excesos y abusos de la inteligencia estatal que comenzaban por la intimidad y terminaban con la vida de los ciudadanos habían producido condenas judiciales a varios exdirectores: claro indicador de que se necesitaba un cambio. Siete años ha tenido el Estado colombiano para ordenar la casa y esta semana someterá sus récords de derechos humanos al examen de los miembros de Naciones Unidas. La evaluación analizará, entre otros…
Content Type: News & Analysis
Los frecuentes escándalos sobre el abuso de la vigilancia estatal en actividades de inteligencia, la exagerada obligación legal que tienen las empresas de telefonía de retener los datos de las comunicaciones de sus usuarios por cinco años o la manera como se diluye el concepto de privacidad en el Código de Policía serán parte del examen que se haga en el seno de la ONU sobre la forma como Colombia cumple sus compromisos de derechos humanos.
Dirigido por los Estados y con el auspicio del…
Content Type: News & Analysis
In the lead-up to the 30th session of the Universal Periodic Review which took place on 10 May 2018, Fundación Karisma, a partner organisation in the Privacy International Network, joined a coalition of civil society groups in Colombia to raise more awareness about the country's human rights record.
As part of the joint effort, the coalition produced factsheets on various human rights in the Colombian context, including the right to privacy. It is available in both English and Spanish.
Content Type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content Type: Long Read
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content Type: Report
Artificial Intelligence (AI) is part of our daily lives. This technology shapes how people access information, interact with devices, share personal information, and even understand foreign languages. It also transforms how individuals and groups can be tracked and identified, and dramatically alters what kinds of information can be gleaned about people from their data.
AI has the potential to revolutionise societies in positive ways. However, as with any scientific or technological…
Content Type: Press release
Privacy International (PI) has today sent a detailed report and list of questions to the UK Prime Minister, Theresa May, following her admission that failures in the UK system governing intelligence sharing with international partners helped facilitate the detention, retention and “appalling treatment” of Abdel Hakim Belhaj and Fatima Boudchar.
Yesterday, in a letter written to Belhaj and Boudchar and read out in the UK parliament, Prime Minister May made the extraordinary admission that “The…
Content Type: News & Analysis
Following on from the publication of our ‘Digital Stop and Search’ report last month, into the use of intrusive technology that enables officers to download all of the data stored on our mobile phones, we are pleased that Scotland's Justice Sub-Committee on Policing have been scrutinising Police Scotland over their use of the technology.
During the hearing by Scotland's Justice Sub-Committee on Policing on 10th May John Finnie MSP stated he personally did not feel reassured, after grilling…
Content Type: Advocacy
Today Privacy International, with TACD, published a document detailing 10 things that US companies need to know about the forthcoming General Data Protection Regulation (GDPR).
People’s data should be treated with the highest privacy protections no matter where they are based. Privacy is a fundamental human right and data protection is intrinsically linked to it. While GDPR is not perfect, it does provide enforceable rights and obligations. If US companies want to demonstrate true commitment…
Content Type: Report
The use of biometric technology in political processes, i.e. the use of peoples’ physical and behavioural characteristics to authenticate claimed identity, has swept across the African region, with 75% of African countries adopting one form or other of biometric technology in their electoral processes. Despite high costs, the adoption of biometrics has not restored the public’s trust in the electoral process, as illustrated by post-election violence and legal challenges to the results of…
Content Type: Examples
A data breach at the Internet Research Agency, the Russian troll farm at the centre of Russia's interference in the 2016 US presidential election, reveals that one way the IRA operated was to use identities stolen from Americans. Using these accounts and other fake ones, the troll farm interacted via social media with genuine US activists and recruited them to participate in and help organise rallies, all in the interests of aggravating long-standing American social divisions.
https://…
Content Type: Examples
According to whistleblower Christopher Wylie, during the 2014 US midtern elections, Cambridge Analytica, needing data to complete the new products it had promised to political advisor Steve Bannon, harvested private information from the Facebook profiles of more than 50 million users without their permission. There was enough information about 30 million of these users to match them to other records and build psychographic profiles.
After the news became public in March 2018, Facebook…
Content Type: Examples
In March 2018, Facebook announced it was scrapping plans to show off new home products at its developer conference in May, in part because revelations about the use of internal advertising tools by Cambridge Analytica have angered the public. The new products were expected to include connected speakers with digital assistant and video chat; they are now undergoing a review to ensure that they incorporate the right approach to user data. At the developer conference the company will also explain…
Content Type: Examples
Users downloading their Facebook histories have been startled to find that the company has been collecting call and SMS data. The company has responded by saying users are in control of what's uploaded to Facebook. However, the company also says it's a widely used practice when users first sign in on their phones to a messaging or social media app to begin by uploading the phone's contact list. That data then becomes part of the company's friend recommendation algorithm. On versions of Android…
Content Type: Examples
The Houston, Texas-based online dating startup Pheramor claims to use 11 "attraction genes" taken from DNA samples in its matchmaking algorithm. Launched in February 2018 in Houston with 3,000 users, Pheramor also encourages users to connect it to their social media profiles so it can datamine them for personality traits and common interests. Members pay $19.99 plus a $10 monthly fee and send in a cheek swab using a kit Pheramor supplies. In response, the company combines the genetic and social…
Content Type: Examples
Behind the colourful bicycles and games rooms, Silicon Valley tech giants operate a strict code of secrecy, relying on a combination of cultural pressure, digital and physical surveillance, legal threats, and restricted stock to prevent and detect not only criminal activity and intellectual property theft but also employees and contracts who speak publicly about their working conditions. Apple has long been known for requiring employees to sign project-specific non-disclosure agreements (NDAs…
Content Type: Examples
The small, portable GrayKey box, costing $15,000 for an internet-connected version tied to a specific location or $30,000 for an offline version usable anywhere, takes two minutes to install proprietary software designed to guess an iPhone's passcode. Intended for use by law enforcement officials, the box can take from a few hours to crack a short passcode to several days for a longer one. Once cracked, the passcode is displayed on the iPhone's screen; then the iPhone can be reconnected to the…
Content Type: Examples
As part of its attempt to keep its 40,000 drivers operating on the streets of London after Transport for London ruled in October 2017 it was not "fit and proper" to run a taxi service, Uber has promised to share its anonymised data on travel conditions and journey times. TfL said in February 2018 that sharing travel pattern data could help it improve understanding of operators' services.
https://uk.reuters.com/article/us-uber-britain/uber-to-share-its-london-data-in-latest-charm-…
Content Type: Examples
The accuracy of Facebook's ad targeting sometimes leads users to believe that Facebook is spying on them by tapping the microphones in their phones. Facebook has denied the practice - and is likely telling the truth because uploading and scanning the amount of audio data such a system would involve an unattainable amount of processing power to understand context.
It sounds believable: Joanna Stern's mother told her to buy the decongestant Sudafed in the morning, and by afternoon she sees…