Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.


08 May 2020
As part of their preparations to ease the lockdown, French authorities have added AI tools into the CCTV cameras in the Paris Metro to detect the number of passengers who are wearing face masks. The system is also being used in outdoor markets and buses in Cannes. Although it is mandatory to wear a
13 May 2020
Taking advantage of the pandemic to close US borders, the Trump administration is also spreading coronavirus infection by deporting detainees to receiving countries such as Guatemala, where 20% of infections are deportees. Guatemala has only two hospitals and a scattering of smaller regional medical
12 May 2020
The controversial Israeli spyware company NSO Group's US arm, Westbridge, has been trying to pitch its phone hacking software to US law enforcement agencies such as the San Diego Police Department, particularly a tool called "Phantom", which the complany claims can overcome encryption, track
19 May 2020
Cameras repurposed as "fever-detecting" aren't designed for and are not very good at detecting infections, but businesses, airlines, major employers, and public officials are nonetheless reacting to the coronavirus pandemic by spending large sums to buy them without understanding their limitations
08 May 2020

At a press conference, Israeli prime minister Benjamin Netanyahu suggested that microchipping everyone, beginning with children returning to school and kindergarten as the coronavirus lockdown ends; the chip would sound an alarm whenever anyone gets too close much as a car does. Security experts immediately objected on the grounds that microchipping kids was neither legal nor practical, that the children would be at risk from paedophiles if their data leaked to the internet; and that the real issue is enforcement.

Writer: Leon Sverdlov
Publication: Jerusalem Post

12 May 2020
Any user of India's Aaorgya Setu contact tracing app can now request deletion of the data they've entered according to the Aaorgya Seta Emergency Data Access and Knowledge Sharing Protocol, 2020, which specifies the definition, collection, processing, and storage of the data the app collects. The
28 Apr 2020
Many of the technologies used to combat the coronavirus pandemic, including monitoring and analysing social media posts, telecommunications location data, and the use of sensors, were first tested on refugees during the 2015 crisis and are now being repurposed in the name of public health. In 2019
08 May 2020
Among the regulations governing restaurants as the US State of Maine's moves into a phased reopening is a requirement to maintain customer records for contact tracing purposes, including one customer's name and contact information per party and those of the table's server. The regulations also
01 Apr 2020

The Myanmar Ministry of Union Government Office, Ministreay Health and Sports, Ministry of Transport and Communications, and youth tech expert Ko Htoo Myint Naung have collaborated on a mobile app to monitor people ordered to quarantine, adapted from other similar apps developed in countries such as South Korea. The app, which is available in Myanmar and English, allows both citizens and foreign residents to report on their health condition. Mobile operators will provide free SIM cards and 1GB of internet data for people under quarantine. A database of all registered and quarantined people will be used to build appropriate action plans.

Writer:  Myanmar News Agency
Publication: Global New Light of Myanmar

13 May 2020
In designing its Healthy Together contact tracing app, the US state of Utah opted for a GPS and Bluetooth-based design created by social media startup Twenty; it does not use the Google-Apple API. The goal is for the app to assist the 1,200 Utah Department of Health workers who are doing phone call
18 May 2020
France, like the UK, opted to develop its own contact tracing app. "StopCovid", using a centralised design developed by the Pan-European Privacy-Preserving Proxity Tracing (PEPP-PT) group, which created a framework called ROBust and the privacy-presERving proximity Tracing protocol (ROBERT). French
19 May 2020

Security researchers have found seven problems with the NHSx contact tracing app including: weaknesses in registration that could allow attackers to steal encryption keys; storing unencrypted data on handsets; generating a new random ID code only once a day; and design decisions with respect to Bluetooth connections that could enable tracking. These questions are independent of whether the app is centralised or decentralised.

Writer: BBC; Chris Culnane and Vanessa Teague
Publication: BBC; State of IT

21 May 2020
As the waning pandemic leads to signs that the protest movement is resuming, China is moving to draft new national security legislation and incorporate it into Hong Kong's Basic Law, bypassing the territory's Legislative Council. Elections for the Council are due to be held in September, and Chinese
22 May 2020
Following a similar effort in the Netherlands, the UK is planning a national research programme in collaboration with universities, water companies, and public research bodies to detect coronavirus in sewage for use as an early warning system for future outbreaks of COVID-19. About half of those
21 May 2020
Immunity passports are likely to increase discrimination and threaten fairness and public health - and won't work for practical reasons. First and foremost, scientists do not yet know whether infection confers immunity or for how long; the serological tests so far developed are insufficiently
21 May 2020

In an analysis, the smartphone privacy company Jumbo Privacy finds that Care19, North Dakota's official COVID-19 contact tracing app, sends latitude and longitude data and a unique user advertising identifier to Foursquare and other data to Google servers and the bug-tracking Bugfender. The app's privacy policy does not disclose this third-party sharing. The app development company, ProudCrowd, said it would update the privacy policy and that the data-sharing agreement does not allow Foursquare to collect or use the Care19 data beyond returning the names of nearby businesses. North Dakota officials say future versions of the app will incorporate Apple-Google's new Exposure Notification API.

Writer: Steven Melendez
Publication: Fast Company


08 Jun 2020
It's been two months since the launch of "Perú en us manos", the mobile app promoted by the Peruvian government amidst the Covid-19 pandemic. Until now the app did not accomplish the ambitious goals it set out to. On its first month the app had detected 1400 risk zones while there where already 36
26 May 2020
China is adding new features to its coronavirus surveillance app, which has helped many workers and employers return to their former lives, and looks likely to become a permanent fixture. Zhou Jiangyong, the Communist Party secretary of the eastern city of Hangzhou, has said the city's app, which it
The UK government, in collaboration with universities, water companies, and public research bodies, is preparing to launch a national research programme to develop an early warning system for future waves of COVID-19 by detecting the coronavirus in sewage. About half of those infected with SARS-CoV
21 May 2020
Technical flaws in Moscow's app, intended to track people with COVID-19 and symptoms of other respiratory diseases, led the authorities to wrongly fine hundreds, perhaps even thousands, of people, alleging they had breached self-quarantine. The app was originally launched at the end of March, but