Advanced Search
Content Type: Examples
In 2015, Facebook removed a feature that had been in place for some years that allowed developers to access information about Friends who had also signed up for their app. During that time, about 270,000 people downloaded and installed an app that was portrayed as part of an online personality quiz that offered a small payment to users who completed it. That app, This Is Your Digital Life, allowed University of Cambridge researcher Aleksandr Kogan to harvest data on an estimated 50 million…
Content Type: Examples
In January 2013, Facebook upgraded its search tool to enable the site to answer more complex questions. Called Graph Search, the new tool aimed to make it possible for users to find businesses and each other based on location, personal history, personal interests, and mutual friends. The site promised special privacy protections for minors. Privacy advocates pointed out the risks of making shared information discoverable on a large scale. Facebook's response was to suggest that users adjust…
Content Type: Examples
In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one of a series of European regulatory examinations of changes made to Facebook's privacy policy in 2014. CNIL's action followed rulings in 2016, when CNIL gave Facebook three months to stop tracking non…
Content Type: Examples
In 2015, Facebook created the "Free Basics" programme, in which the company partnered with telephone carriers in various countries to offer free access to Facebook - that is, using Facebook would not count against their data plan. While critics argued the plan is anti-competitive, violates the principles of network neutrality and didn't empower users to build their own culturally and contextually appropriate solutions, Facebook claimed that the service would help get India's hundreds of…
Content Type: Examples
In July 2014, a study conducted by Adam D. I. Kramer (Facebook), Jamie E. Guillory, and Jeffrey T. Hancock (both Cornell University) and published by the Proceedings of the National Academy of Sciences alerted Facebook users to the fact that for one week in 2012 689,003 of them had been the subjects of research into "emotional contagion". In the study, the researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more…
Content Type: Examples
In 2012, Facebook CEO Mark Zuckerberg's sister, Randi, tweeted to fellow Twitter user Callie Schweitzer that Schweitzer had violated her privacy by posting a picture taken in her kitchen. Randi Zuckerberg, the former head of Facebook's marketing department, had posted the picture, which was taken in her kitchen and showed four people including her brother, to Facebook intending it to be viewed by Friends only. Schweitzer responded that the picture had popped up in her Facebook News Feed. Randi…
Content Type: Examples
In November 2011, the US Federal Trade Commission charged Facebook with repeatedly breaking the privacy promises it made to users. Among the list of deceptive practices and incidents in the FTC's complaint were December 2009 changes Facebook made to its site that publicly exposed information users might have marked private, such as their Friends lists; Facebook's failure to certify the security of apps participating in its Verified Apps programme, as the company said it would; the company's…
Content Type: Examples
In June 2011, Facebook enabled an automatic facial recognition called "Tag Suggestions" based on its research project DeepFace, requiring users who objected to opt out. The feature scanned the faces in newly uploaded photographs and compared them to those in the billions of images already on the system. When it found what it believed to be a match, it would suggest tags - that is, names.
Privacy advocates noted that besides the issue that all users were opted in by default, the feature meant…
Content Type: Examples
In early 2011, Facebook launched "Sponsored Stories", an advertising product that used content from members' posts inside ads displayed on the service. Drawing on Likes, check-ins, and comments, a Sponsored Story might use a member's photograph and their comments from a coffee shop to create an ad that would then be displayed alongside other ads. Users were provided no ability to opt out. Among the inaugural advertisers was Coca-Cola, and Starbucks featured in a marketing video Facebook made to…
Content Type: Examples
In October 2010, the Wall Street Journal discovered that apps on Facebook were sending identifying information such as the names of users and their Friends to myriad third-party app advertising and internet tracking companies. All of the ten most popular Facebook apps, including Zynga's FarmVille, Texas HoldEm Poker, and FrontierVille, were found to be transmitting personal information about their users' Friends to outside companies. While Facebook and defenders of online tracking argued that…
Content Type: Examples
When journalist Alex Hern needed to set up a Facebook account in order to manage the Guardian's technology page and other work-related things, he locked down its privacy settings so that the account's profile would not appear in searches and only Friends of Friends could add him as a friend. In October 2017, Hern discovered that these settings no longer applied: an update to Facebook's internal search engine gave users the ability to search the entire network. While private posts remained…
Content Type: Examples
In April 2010, Facebook launched a set of tools to enable websites to add a social layer by adding a Facebook frame to their pages. The company's three launch partners, Microsoft's Docs.com, Yelp, and Pandora, had access to a more comprehensive tool, Instant Personalization, which allowed them to look directly at individuals' Facebook profiles and use the public information presented there to provide a personalised experience such as playing music (Pandora) or restaurants (Yelp) that the person…
Content Type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content Type: Examples
In July 2009 after an in-depth study of the site spurred by complaints from the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, Canada's Privacy Commissioner issued a ruling that Facebook was in direct violation of the country's privacy laws. Among the regulator's complaints: the company's privacy policies were often confusing, incomplete, and generally lacked transparency; the company did not make a reasonable effort to inform users how their private…
Content Type: Examples
In February 2008, users discovered that deleting their account from Facebook does not entirely remove it. Instead, the company's servers retained copies of the information in those accounts indefinitely even after those users telephoned the company to request full removal. The company argued that retaining the data benefits users by making it easy for them to resurrect their accounts later, should they choose to do so. Facebook's website did not make this clear; only users who contacted the…
Content Type: Examples
In November 2007, Facebook launched Beacon, an advertising programme that allowed third-party sites to include a script that passed Facebook notifications about users' activities on their sites such as purchases, auction bids, reviews, and game-playing. The service as originally designed offered no opportunity to opt out, and a public outcry ensued; many people did not want their activities broadcast automatically to all their Friends. Users also soon found that Beacon transmitted information…
Content Type: Examples
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and LiveJournal. A Facebook spokesman explained that while photographs were immediately deleted from the company's own servers, the data would take longer to be removed from Akamai, the Content Delivery…
Content Type: Examples
In 2006, Facebook redesigned its system to add News Feed and Mini-Feed features, which the company said were intended to give users information about their social world. The News Feed was designed to provide a constantly updated stream of stories including updates from each user's Friends and Facebook groups, along with news stories tailored to their interests. Mini-Feed collected each user's updates into a new section on their profile page. Almost immediately, public backlash forced company…
Content Type: Examples
Over the years from 2005, when Facebook was still known as "Thefacebook" and its membership was still limited to verifiable Harvard students, to 2010, Facebook changed its privacy policies many times. Over that time, the default circle of who could view users' data widened over time, first to include schools and local areas, then to the entire Facebook network, then to the wider internet, and finally to third-party apps and advertisers. Taken together, the story is one of a service that began…
Content Type: Examples
The first iteration of Facebook, which then-student Mark Zuckerberg launched at Harvard University in 2003, was known as "Facemash", and was based on a popular website of the day, Am I Hot or Not? Using photographs of students scraped from those collected by the university's houses of residence, the site showed users pairs of randomly selected photographs and asked them to choose the "hotter" person in order to compile student attractiveness rankings. Zuckerberg was forced to take the site down…
Content Type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content Type: Course
About: This course will take you through the process for qualitative research on privacy topics, including surveillance technologies, the role of global industry, and data-intensive systems.
Ideal for: People with a background in research, law, or social sciences, working on or with an interest in developing their knowledge of privacy issues. We recommend first taking our introductory course.
Impact: You will learn how to design research and conduct interviews around privacy-related topics,…
Content Type: Course
About: This course examines how innovations in policies, business models, and technologies enable governments to increasingly generate, collect, process and store more data about individuals.
Ideal for: People with a background in research, law, or social sciences, working on or with an interest in developing their knowledge of privacy issues. We recommend first taking our introductory course.
Impact: You will learn concepts and definitions related to data-intensive systems, and gain…
Content Type: Course
About: This course covers the fundamentals of communication networks and describes the various forms of communications surveillance that exists.
Ideal for: Anyone with an interest in technology and human rights. We recommend first taking our introductory course.
Impact: You will gain insight into how communication and surveillance technologies have been deployed across the world, as well as the different protections that metadata receives in various countries.
Learn more: As digital…
Content Type: Course
About: This course is an introduction to the principles that underpin the right to privacy, its increasing importance in our daily lives, and the work that is being done internationally to protect this right.
Ideal for: Anyone with an interest in technology and human rights. Some knowledge of law would be helpful, but not essential.
Impact: You will learn about the international and regional conventions that establish the right to privacy, as well as the principles of data protection laws and…
Content Type: Press release
Privacy International, Liberty, and Open Rights Group have joined over 60 NGOs, community groups, and academics across the European Union to file complaints to the European Commission. The complaints call for the EU governments to stop requiring companies to store all communications data. The practice was ruled unlawful by the Court of Justice of the European Union (CJEU) in two separate judgments in 2014 and 2016. The UK complaint was filed by Privacy International, Liberty, and Open Rights…
Content Type: News & Analysis
Privacy International welcomes today’s decision by the United States Supreme Court in Carpenter v. United States, which finds that the government must generally obtain a warrant when seeking mobile phone location records. In particular, PI applauds the Court’s recognition that “[m]apping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the timestamped data provides an intimate window into a person’s…
Content Type: Course Section
Communications surveillance is where a third party intercepts a communication in the course of its transmission between intended recipients. Interception includes all acts of monitoring, copying, diverting, duplicating and storing communications in the course of their transmission by or for law enforcement or intelligence agencies.[1]
When discussing communications surveillance, there are many debates, distinctions, and terms used. Because of this it is important to know what a term represents…
Content Type: Course Section
CONCEPTS
Communications surveillance: Communications surveillance is the monitoring, interception, collection, preservation and retention of information that has been communicated, relayed or generated over communications networks to a group of recipients by a third party. This includes phone calls, emails, text messages, pictures, and messaging apps.
Data protection: Data protection is the law designed to protect your personal information, which is collected, processed and stored by “…
Content Type: Course Section
TABLE OF METADATA PROTECTIONS
UNITED KINGDOM
s. 16 of Regulation of Investigatory Powers Act, 2012
Extra safeguards
intercepted material falls within this subsection so far only as it is selected to be read, looked at or listened to otherwise than according to a factor which—
has as its purpose, or one of its purposes, the identification of material contained in communications sent by him, or intended for him
UNITED STATES OF AMERICA
Smith v. Maryland 1979
"there is no…