Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

Actor

Issue

Technology

News & Analysis

Anatomy of an AI system: a map of the many processes — extracting material resources, data, and human labor — that make an Amazon Echo work. Credit: Kate Crawford and Vladan Joler

The mystery of the Amazon Echo data

Image: Anatomy of an AI system: a map of the many processes — extracting material resources, data, and human labor — that make an Amazon Echo work. Credit: Kate Crawford and Vladan Joler With over 6.3 million Amazon Echo devices worldwide, there is a good chance these constantly active devices will

Minnesota police coordinate with oil company to track protesters

Internal documents show that local police coordinated with Enbridge, the oil company building the Line 3 pipeline through northern Minnesota, to track and crack down on indigenous opposition to the development in an initiative known as Opposition Driven Operational Threats (ODOT). Enbridge designed

A single line of computer code landed thousands of innocent Turks in jail

The story began with the free Bylock messaging app, which was used between 2014 and 2016 and which the Turkish government associated with treason and followers of Fethullah Gülen, the group they believe was behind the attempted 2016 coup. The app was downloaded roughly half a million times and had

Jharkhand government website leaks personal details of 1 million Aadhaar subscribers

In 2017, a website run by the Jharkhand Directorate of Social Security leaked the personal details of over.1 million Aadhaar subscribers, most of them old age pensioners who had enabled automatic benefits payment into their bank accounts. Aadhaar is a 12-digit unique identification number issued to

Dutch DPA: Microsoft breaches data protection law with Windows 10

The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent

Advocacy

Privacy International's response to ILO questionnaire on realizing decent work in the platform economy

The International Labour Organisation (ILO) is developing a new legal standard to support decent work in the platform economy. Privacy International has submitted its views on the risks to the privacy, autonomy and decency of workers posed by the use of automated decision-making. This is with the aim of informing the forthcoming discussion on the standard at the 2025 and 2026 International Labour Conferences.

Cheap phones leave poorer users vulnerable

A 2017 research report found that the most vulnerable smartphone users are the ones whose devices are most open to fraud and harassment. Cheaper, low-end devices are less secure to begin with, and they are also less often replaced than their more expensive counterparts made by. Apple and Google. At

Android contact tracing apps leak location data

When Google and Apple announced their joint platform for contact tracing, the companies said the system would not track users’ locations. By mid-July, the resulting apps had been downloaded more than 20 million times in companies such as Germany and Switzerland. However, in order for Bluetooth

US company adopts voluntary microchip implants for employees

On August 1, 2017, Wisconsin company Three Square Market began offering its employees the option of implanting a tiny chip between their thumb and index finger. The chip enables employees to wave at hand at any of the company's RFID readers in order to enter the building, pay for food in the

Nearly four years of call data left exposed on open web

In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor

No boundaries: Exfiltration of personal data by session-replay scripts

Websites have long used third-party analytics scripts to collect information about how visitors use their sites. In November 2017, researchers at Princeton found that an increasing number of sites use "session replay" scripts that collect every action the user performs while on the site, including

Facebook really is spying on you, just not through your phone’s mic

The accuracy of Facebook's ad targeting sometimes leads users to believe that Facebook is spying on them by tapping the microphones in their phones. Facebook has denied the practice - and is likely telling the truth because uploading and scanning the amount of audio data such a system would involve

Website collects Canadian federal, provincial, and territorial emergency orders

Canadian federal, provincial, and territorial governments across have put in place numerous emergency measures to curtail behaviour in order to curb the spread of COVID-19. The orders include placing people under quarantine, limiting gatherings, closing schools and businesses, barring most visits to

Cryptocurrency miners hijack UK government websites

Security researcher Scott Helme found more than 4,000 websites, including many belonging to the UK government, were infected with Coinhive, code that mines the cryptocurrency Monero. Among the sites affected were those belonging to the Information Commissioner's Office, the Student Loans Company

Toys that Listen: A Study of Parents, Children, and Internet-Connected Toys

A report from the University of Washington studies parents' and children's interactions with general-purpose connected devices and connected toys. There are numerous privacy issues: toy companies may collect masses of children's intimate data; the toys may enable parents to spy on their children

City of Toronto deal with Sidewalk Labs sparks public protests

Sidewalk Labs, a subsidiary of Alphabet (Google's owner), has signed a deal with the Canadian city of Toronto to redevelop the brownfield Quayside waterfront district and turn it into a technology hub. The deal raises three sets of issues. First (The Guardian) is the essential privatisation of

Fracking company and Lancashire police collaborate to surveil protesters

The energy company Cuadrilla used Facebook to surveil anti-fracking protesters in Blackpool and forwarded the gathered intelligence to Lancashire Police, which arrested more than 450 protesters at Cuadrilla's Preston New Road site over a period of three years in a policing operation that cost more

Federal Trade Commission studies mobile security updates

In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device

Conditional cash transfer programmes in the US

The first conditional cash transfer program in a higher-income country was trialled in the United States by Mayor Bloomberg in New York City from April 2007 to August 2010. Known as Opportunity NYC-Family Rewards, the privately funded pilot program transferred cash rewards to families who were able

Irish ISP replaces breached customer modems

An investigation by the Irish Data Protection Commissioner has led Eir, a telecommunications company, to replace almost 20,000 modems supplied to customers with basic broadband packages without access to fibre services. The action follows an incident in 2016 in which nearly 2,000 customer routers

23andMe
Acxiom
Amazon
Anduril Industries
Baidu
Equifax
Experian
Facebook
Google
Government
IBM
Microsoft
NSO Group
China
India
Open Source Intelligence
Alibaba
Apple
Cambridge Analytica
Criteo
Oracle
Palantir
Quantcast
Samsung
Sesame Credit
Sonos
Tapad
Tesla
Twitter
Uber
Walmart
WeChat
WhatsApp
Law enforcement
Military

Anonymity
Data analysis
Satellite
Behavioural analysis
City
Credit scoring
Beyond user control
Children
Data breach
Apologies
Data broker
Claims of anonymised data
Data for sale
Competition
Data ownership
Criminal justice
Data research
Consumers
Data sharing
Wearables
Poverty
Stalking
Profiling
Welfare
Telecommunication
Advertising
Toys
Ant Financial
Privacy invasion
Private policing
Protestors
Psychology
Public space
Racism
Refugees
Regulatory complaint
Religion
Retail
Science
Security fail
Security patching and updates
Security risk
Sexism
Social media
Students
Transport
Union
Voters
Workplace
Young people
Dating
Discrimination
Discriminatory pricing
Education
Election
Employees
Employment
Finance
Fines
Gender and sexuality
Glitch
Government access
Health
Health data
Household
Identity
Implantables
Inequality
Insurance
Lack of transparency
Law enforcement
LGBTIQ+
Manipulation
Metering and rationing
Migration and borders
Military
Minorities
Mitigations
Mood analysis

Analytics
Social Media Surveillance
AI
Tracking
Backdoors
Social engineering
Prediction
Wifi
Pay with your data
Apps
Biometrics
Blacklist
Connected car
Predictive policing
Database
Delete
DNA
Error
Facial recognition
Hacking
Infrastructure
Intelligence
IoT
IoT Security
Location
Metadata
Microtargeting