Advanced Search
Content Type: Long Read
Photo by Cade Roberts on Unsplash
For those of you who don't spend the most productive part of your day scanning the news for developments about data and competition, here's what has been going on in the UK since summer 2019.
Basically, the UK competition authority started an investigation into online platforms and digital advertising last summer, and issued their preliminary findings in December 2019, concluding that Facebook and Google are very powerful in the search engine and social media…
Content Type: News & Analysis
Political campaigns around the world have turned into sophisticated data operations. They rely on data- your data- to facilitate a number of decisions: where to hold rallies, which States or constituencies to focus resources on, which campaign messages to focus on in which area, and how to target supporters, undecided voters, and non-supporters.
While data driven political campaigns are not new, the granularity of data available and the potential power to sway or suppress voters through that…
Content Type: News & Analysis
A few weeks ago, its name would probably have been unknown to you. Amidst the covid-19 crisis and the lockdown it caused, Zoom has suddenly become the go-to tool for video chat and conference calling, whether it’s a business meeting, a drink with friends, or a much needed moment with your family. This intense rise in use has been financially good to the company, but it also came with a hefty toll on its image and serious scrutiny on its privacy and security practices.
While Zoom already had a…
Content Type: Long Read
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content Type: News & Analysis
These are difficult and challenging times around the world.
In this global crisis, businesses are stepping in to support efforts by Governments and public health authorities to seek to control the impact of the virus.
This is important, as help of all kinds is sorely needed. However, we must also be wary that industry initatives and public-private partnerships are not used as an opportunity to profit from this crisis or to exploit data without legal safeguards.
Companies all over the world…
Content Type: Examples
The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.
The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.
The data shows requests for…
Content Type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: Case Study
In 2015, James Bates was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015. Bentonville police served two search warrants ordering Amazon to turn over the “electronic data in the form of audio recordings, transcribed records, text records and other data contained on the Amazon Echo device” in Bates’ home.
The reason for the warrants? According to the police, just because the device was in the house that…
Content Type: Long Read
In 2018, following the Cambridge Analytica scandal, Facebook announced the “Download Your Information” feature allowing users to download all the information that the company have on them since the creation of the account. All of it? It doesn’t seem so. Concerns were quickly raised when Facebook released the feature, that the information was inaccurate and incomplete.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it…
Content Type: Report
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content Type: Long Read
[Photo credit: Images Money]
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expenses of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up…
Content Type: Long Read
Photo by Nadine Shaabana on Unsplash
Digital identity providers
Around the world, we are seeing the growth of digital IDs, and companies looking to offer ways for people to prove their identity online and off. The UK is no exception; indeed, the trade body for the UK tech industry is calling for the development of a “digital identity ecosystem”, with private companies providing a key role. Having a role for private companies in this sector is not necessarily a problem: after all, …
Content Type: Long Read
An analysis of what Facebook, Google, and Twitter have done to provide users with political ad transparency as of September 2019. Our full analysis is linked below.
Recently the role of social media and search platforms in political campaigning and elections has come under scrutiny. Concerns range from the spread of disinformation, to profiling of users without their knowledge, to micro-targeting of users with tailored messages, to interference by foreign entities, and more. Significant…
Content Type: News & Analysis
A new UK Times report claims that “WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the UK and the US.”
Several other media outlets have followed up on the report, with headlines such as “UK and US set to sign treaty allowing UK police ‘back door’ access to WhatsApp and other ‘end to end encrypted’ messaging platforms”.
While the…
Content Type: Long Read
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content Type: Examples
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and comes with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep.
Concerns over security and privacy have been raised, given baby monitors can be susceptible to hackers and any app that holds personal information could potentially expose that information.
Experts say the concept could be helpful to some parents but that there…
Content Type: Case Study
This time, Amtis travels to year 2030 to get a sense of how the data rights framework played out:
I just moved into a new apartment and everything was a mess. My stuff was all over the place and I couldn't find anything. I received a notification on my dashboard that a delivery drone had arrived with my package.
Data rights dashboard
The dashboard showed me a summary report with information about how my data was handled: which company processed my order, the type of data that was collected…
Content Type: Long Read
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by…
Content Type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
In October 2018, researcher Johannes Eichstaedt led a project to study how the words people use on social media reflect their underlying psychological state. Working with 1,200 patients at a Philadelphia emergency department, 114 of whom had a depression diagnosis, Eichstaedt's group studied their EMRs and up to seven years of their Facebook posts. Matching every person with a depressive diagnosis with five who did not, to mimic the distribution of depression in the population at large, from…
Content Type: Examples
In 2018, economists Marianne Bertrand and Emir Kamenica at the University of Chicago Booth School of Business showed that national divisions are so entrenched that details of what Americans buy, do, and watch can be used to predict, sometimes with more than 90% accuracy, their politics, race, income, education, and gender. In a paper published by the National Bureau of Economic Research, the economists taught machine algorithms to detect patterns in decades of responses to three long-running…
Content Type: Examples
In 2017, Britain's' two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…
Content Type: Examples
In 2018, based on an analysis of 270,000 purchases between October 2015 and December 2016 on a German ecommerce site that sells furniture on credit, researchers at the National Bureau of Economic Research found that variables such as the type of device could be used to estimate the likelihood that a purchaser would default. The difference in rates of default between users of iOS and Android was about the same as the difference between a median FICO credit score and the 80th percentile of FICO…
Content Type: News & Analysis
Palantir and the UN’s World Food Programme (WFP) are partnering for a reported $45 million. Palantir, a US-based company that sells data software and has been the centre of numerous scandals.
The World Food Programme provides assistance in food and nutrition to around 92 million people each year. Systems that are produced in agreements such as the one between WFP and Palantir increase risks to the people the they are attempting to help. There are risks to both individuals and whole populations…
Content Type: News & Analysis
Campaigners are today calling for urgent action to allow Palestinians to develop an independent telecommunications infrastructure following the release of a report detailing how the Israeli government exerts its existing control to rule and monitor the online lives of Palestinian people.
‘Connection Interrupted’, produced by Privacy International partner organisation 7amleh, describes how the Israeli government restricts key telecommunications infrastructure in Palestine,…
Content Type: Examples
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor manufacturer, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its social platform, Polar Flow. Polar placed these individuals at particular risk by showing all the exercises a particular individual has completed since 2014 on a single global map. Postma was able…
Content Type: Examples
In June 2018, Uber filed a US patent application for technology intended to help the company identify drunk riders by comparing data from new ride requests to past requests made by the same user. Conclusions drawn from data such as the number of typos or the angle at which the rider is holding the phone would determine which, if any, driver they were matched with. What plans the company may have for the technology is unknown; however, critics expressed concerns that it could deter prospective…