Advanced Search
Content Type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content Type: Press release
Privacy International, Liberty, and Open Rights Group have joined over 60 NGOs, community groups, and academics across the European Union to file complaints to the European Commission. The complaints call for the EU governments to stop requiring companies to store all communications data. The practice was ruled unlawful by the Court of Justice of the European Union (CJEU) in two separate judgments in 2014 and 2016. The UK complaint was filed by Privacy International, Liberty, and Open Rights…
Content Type: News & Analysis
Privacy International welcomes today’s decision by the United States Supreme Court in Carpenter v. United States, which finds that the government must generally obtain a warrant when seeking mobile phone location records. In particular, PI applauds the Court’s recognition that “[m]apping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the timestamped data provides an intimate window into a person’s…
Content Type: Long Read
Update 28 June 2018
Last week Privacy International wrote to Thomson Reuters Corporation asking the company to commit to ensuring the vast amounts of data they provide to US immigration agencies isn’t used to identify families for indefinite detention or separation, or for other human rights abuses.
Thomson Reuters has unfortunately ignored our specific questions and made no such commitment.
Instead, the CEO Thomson Reuters Special Services (TRSS) a subsidiary, makes clear that instead of…
Content Type: Press release
Privacy International (PI) has today sent an open letter to the President of Thomson Reuters Corporation asking whether he will commit to ensuring the multinational company’s products or services are not used to enforce cruel, arbitrary, and disproportionate measures, including those currently being implemented by US immigration authorities.
Documentation shows that Thomson Reuters Corporation is selling access to highly sensitive and personal data to the US Immigration and Customs Enforcement…
Content Type: News & Analysis
In order to uphold the law and keep us safe, the police can seriously interfere with a range of fundamental human rights. And so transparency and public scrutiny of their actions are essential to protect against misconduct and abuse.
So why is the National Police Chiefs’ Council (NPCC) now permitted to operate in secret?
We all have the right to seek information from most public bodies – including the police – under the Freedom of Information Act (FOIA) 2000. When the law was first…
Content Type: Press release
Gus Hosein, Executive Director of Privacy International:
The US federal government's cruel zero tolerance immigration policy has received widespread and international condemnation. In addition to the policy's clear moral failure it is also in violation of the government's legal obligations under the International Covenant on Civil and Political Rights (ICCPR), which includes protecting families from unnecessary interference by the government.
The US government needs to understand that…
Content Type: News & Analysis
This piece originally appeared here.
The tech industry is ramping up its attack and promulgation of myths around the ePrivacy regulation, as shown by Julia Apostle’s op-ed “We survived GDPR, but now another EU privacy law looms” (June 14). Let’s set the record straight.
Myth #1: the ePrivacy regulation will be detrimental for innovation. This predictable and tired argument is made anytime companies face regulation. It is particularly fallacious in this case. The aim of the ePrivacy regulation…
Content Type: News & Analysis
Actualmente, las empresas tecnológicas se encuentran inmersas en constante cambio. Uno de ellos es la creciente importancia que ha cobrado la seguridad digital, convirtiéndose en una prioridad. Que un emprendimiento resguarde su seguridad digital significa que puede gestionar los riesgos asociados a mantener la confidencialidad, integridad y disponibilidad de su información.
En este contexto, resulta de gran relevancia que las personas responsables del emprendimiento digital y el…
Content Type: News & Analysis
El objetivo es facilitar a la sociedad civil una guía para la navegación de este organismo, efectuar un diagnóstico que permita situar cualquier persona interesada sobre la actualidad de la temática a nivel regional y descubrir la agenda de seguridad digital que sostiene la OEA en el continente.
Finalmente, concluimos con una serie de breves recomendaciones dirigidas a los organismos de la OEA. Con ello, esperamos que este órgano reconozca el papel que puede jugar como catalizador en el…
Content Type: News & Analysis
While the worlds’ attention, the world’s humour, including a dedicated playlist of 89 songs on Spotify, were on the coming into force of EU’s General Data Protection Regulation (GDPR) on 25th May, the UK’s Data Protection Act 2018 (DPA 2018) that received Royal Assent only two days previously had barely received a few column inches in the mainstream press.
However, the substance of the debates in parliament during the passage of this Act has received wide…
Content Type: News & Analysis
This piece originally appeared here.
We are much more than our physical selves. We are also digital. Every moment we generate more data. Although sometimes this data is under our control, increasingly it is not. This uncontrolled data—this metadata—is often generated as a result of our interactions, movements, sentiments, and even our inaction. Despite being beyond our control, our metadata is still accessible to many. Hardly a day goes by without a news story or global event involving data: a…
Content Type: News & Analysis
Nota de prensa
Peruanos rutinariamiente otorgan y son sometidos a verificación de sus datos personales y biométricos (huella digital, retina) en entidades públicas y privadas sin ser informados claramente de la finalidad y tratamiento posterior de la información.
RENIEC ocupa un rol predominante dentro del ecosistema nacional para dotar de coherencia al sistema de identificación que emplea tecnología biométrica. Sin embargo, pese a contar con diferentes estándares y medidas de seguridad en el…
Content Type: Press release
Privacy International (PI) has today urged England Manager Gareth Southgate to bolster his defence ahead of the World Cup in Russia, which kicks off next Thursday. PI sent Southgate an anti-surveillance 'Faraday cage' phone pouch and a briefing on his vulnerability to potential spying by rival football managers and foreign governments intent on giving their team a competitive advantage. If rival governments routinely hack and intercept each other's communications, what's stopping rival teams'…
Content Type: Press release
On the five year anniversary of NSA whistleblower Edward Snowden leaking a massive trove of classified information that has since transformed our understanding of government mass surveillance, Dr Gus Hosein, Executive Director of Privacy International said:
“Is it enough for your government to tell you ‘we’re keeping you safe, but we’re not going to tell you how’? Edward Snowden asked himself this profoundly important question five years ago. We’re thankful he did.
His decision to expose the…
Content Type: News & Analysis
We found the image here.
As the hype around the EU General Data Protection Regulation’s entry into force begins to die down, confidentiality of digital communications in Europe is facing a new challenge.
On one side, companies are lobbying to prevent the finalisation of the proposal for a new e-privacy regulation to protect privacy of communications and prevent unauthorised access to the data stored on devices, and the tracking of individual’s behaviour online.
On the other, a group…
Content Type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content Type: Long Read
We found the image here.
Open a Russian Matryoshka doll and you will find a smaller doll inside. Ask a large data company such as Acxiom and Oracle where they get their data from, and the answer will be from smaller data companies.
Data companies – a catch all term for data brokers, advertisers, marketers, web trackers, and more – facilitate a hidden data ecosystem that collects, generates and supplies data to wide variety of beneficiaries. The beneficiaries of the ecosystem can include other…
Content Type: Press release
On the day that GDPR comes into force, PI has launched a campaign investigating a range of data companies that make up a largely hidden data ecosystem. This hidden data ecosystem is comprised of thousands of non-consumer facing data companies - such as Acxiom, Criteo, Quantcast - that amass and exploit large amounts of personal data. Using the rights and obligations provided for within the new data privacy law, PI's campaign involves investigating a selection of these companies whose business…
Content Type: Long Read
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content Type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content Type: Press release
Tomaso Falchetta, PI's Head of Advocacy and Policy team said:
"The adoption of the Data Protection Act represents an important reform which strengthens the rights of individuals and increases obligations for the industry. The Act opens the way for the application of the EU General Data Protection Regulation in the UK, and regulates the processing of personal data by companies, public authorities, law enforcement, and intelligence agencies. PI particularly welcome increased powers for the…
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: News & Analysis
We found the above image here.
Background
Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).
What happened
In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.
The TL;DR version of this post is:
PGP is not broken by this attack
You absolutely should not stop…
Content Type: Press release
Today, as the Data Protection Bill reaches its final stages, Privacy International has written to the leaders of the main UK political parties asking for public commitment to not use the exemption provided in the Bill to target voters - both online and offline - in all local and national forthcoming elections or by-elections.
Privacy International has long been concerned about the exploitation of peoples’ data and the opaque data ecosystem, and the impact of such practices on the democratic…
Content Type: News & Analysis
En el 2011 se liquidó el DAS. Las violaciones, excesos y abusos de la inteligencia estatal que comenzaban por la intimidad y terminaban con la vida de los ciudadanos habían producido condenas judiciales a varios exdirectores: claro indicador de que se necesitaba un cambio. Siete años ha tenido el Estado colombiano para ordenar la casa y esta semana someterá sus récords de derechos humanos al examen de los miembros de Naciones Unidas. La evaluación analizará, entre otros…
Content Type: News & Analysis
Los frecuentes escándalos sobre el abuso de la vigilancia estatal en actividades de inteligencia, la exagerada obligación legal que tienen las empresas de telefonía de retener los datos de las comunicaciones de sus usuarios por cinco años o la manera como se diluye el concepto de privacidad en el Código de Policía serán parte del examen que se haga en el seno de la ONU sobre la forma como Colombia cumple sus compromisos de derechos humanos.
Dirigido por los Estados y con el auspicio del…
Content Type: News & Analysis
In the lead-up to the 30th session of the Universal Periodic Review which took place on 10 May 2018, Fundación Karisma, a partner organisation in the Privacy International Network, joined a coalition of civil society groups in Colombia to raise more awareness about the country's human rights record.
As part of the joint effort, the coalition produced factsheets on various human rights in the Colombian context, including the right to privacy. It is available in both English and Spanish.
Content Type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content Type: Long Read
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…